Trusted Design

How to Track Actors Behind Keyloggers Using Embedded Credentials

概要

This past year Unit 42 has seen a resurgence of keylogger activity and it seems like every week a new research blog comes out talking about one of four popular families: KeyBase, iSpy, HawkEye, or PredatorPain. These blogs usually delve into the technical workings of the threats, discuss their relationship to each other, and explain how they evolved from one another through new ownership or branding of the tools. The intent of this blog is not to rehash what has already been discussed, but instead to shift the focus to the actors behind these keylogger threats and show a practical technique for identification. Source : http://researchcenter.paloaltonetworks.com/2016/07/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

HawkEye keylogger (score: 0.68)
HawkEye Keylogger Campaigns Affect Multiple Industries (score: 0.68)
KeyBase Keylogger Malware Family Exposed (score: 0.67)
HawkEye keylogger (score: 0.67)
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

APT38

Score: 7.56

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1491 - Defacement
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Moonstone Sleet

Score: 8.91

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1491 - Defacement
T1057 - Process Discovery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ke3chang

Score: 4.28

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN7

Score: 11.92

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1057 - Process Discovery
T1065 - Uncommonly Used Port
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

HAFNIUM

Score: 8.86

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.008 - Odbcconf
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Winter Vivern

Score: 6.88

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1548 - Abuse Elevation Control Mechanism
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN10

Score: 4.23

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1490 - Inhibit System Recovery

MITREへのリンク →

APT32

Score: 17.96

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1547.005 - Security Support Provider
T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

APT39

Score: 8.12

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1599 - Network Boundary Bridging
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 3.84

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 13.19

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1057 - Process Discovery
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage

MITREへのリンク →

Tropic Trooper

Score: 6.50

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Threat Group-3390

Score: 9.91

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1218.003 - CMSTP
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Magic Hound

Score: 22.43

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1586.003 - Cloud Accounts
T1547.005 - Security Support Provider
T1592.003 - Firmware
T1578.002 - Create Cloud Instance
T1547.013 - XDG Autostart Entries
T1098.002 - Additional Email Delegate Permissions

MITREへのリンク →

Chimera

Score: 15.44

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1491 - Defacement
T1592.003 - Firmware
T1132.002 - Non-Standard Encoding
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Patchwork

Score: 3.84

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Stealth Falcon

Score: 5.19

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1556.009 - Conditional Access Policies

MITREへのリンク →

Volt Typhoon

Score: 32.64

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1114 - Email Collection
T1547.005 - Security Support Provider
T1491 - Defacement
T1164 - Re-opened Applications
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1065 - Uncommonly Used Port
T1547.013 - XDG Autostart Entries
T1574.002 - DLL Side-Loading

MITREへのリンク →

Aquatic Panda

Score: 5.09

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gamaredon Group

Score: 5.97

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1055.014 - VDSO Hijacking
T1547.013 - XDG Autostart Entries

MITREへのリンク →

GALLIUM

Score: 5.09

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Wizard Spider

Score: 8.71

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1556.009 - Conditional Access Policies
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 12.65

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1574.002 - DLL Side-Loading

MITREへのリンク →

OilRig

Score: 9.39

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1218.010 - Regsvr32
T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries

MITREへのリンク →

HEXANE

Score: 14.45

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1547.005 - Security Support Provider
T1055.014 - VDSO Hijacking
T1065 - Uncommonly Used Port
T1547.013 - XDG Autostart Entries

MITREへのリンク →

MuddyWater

Score: 3.84

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Dragonfly

Score: 11.30

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1193 - Spearphishing Attachment
T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Medusa Group

Score: 6.48

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.003 - CMSTP
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sandworm Team

Score: 20.32

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1114 - Email Collection
T1484.002 - Trust Modification
T1193 - Spearphishing Attachment
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-1811

Score: 9.81

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1599 - Network Boundary Bridging
T1578.002 - Create Cloud Instance
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sidewinder

Score: 3.84

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT3

Score: 9.39

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT28

Score: 25.97

Matched TTPs:

T1596.003 - Digital Certificates
T1586.003 - Cloud Accounts
T1152 - Launchctl
T1057 - Process Discovery
T1592.003 - Firmware
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1546.007 - Netsh Helper DLL

MITREへのリンク →

Darkhotel

Score: 4.21

Matched TTPs:

T1596.003 - Digital Certificates
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Tonto Team

Score: 4.21

Matched TTPs:

T1596.003 - Digital Certificates
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

PLATINUM

Score: 7.25

Matched TTPs:

T1596.003 - Digital Certificates
T1547.013 - XDG Autostart Entries
T1686 - Disable or Modify System Firewall

MITREへのリンク →

Kimsuky

Score: 37.74

Matched TTPs:

T1596.003 - Digital Certificates
T1114 - Email Collection
T1152 - Launchctl
T1683.001 - Written Content
T1057 - Process Discovery
T1055.014 - VDSO Hijacking
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1132.002 - Non-Standard Encoding
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

APT42

Score: 9.40

Matched TTPs:

T1596.003 - Digital Certificates
T1599 - Network Boundary Bridging
T1132.002 - Non-Standard Encoding

MITREへのリンク →

FIN13

Score: 8.39

Matched TTPs:

T1596.003 - Digital Certificates
T1547.005 - Security Support Provider
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LAPSUS$

Score: 30.38

Matched TTPs:

T1216.001 - PubPrn
T1547.005 - Security Support Provider
T1193 - Spearphishing Attachment
T1218.008 - Odbcconf
T1596.004 - CDNs
T1592.003 - Firmware
T1065 - Uncommonly Used Port
T1132.002 - Non-Standard Encoding

MITREへのリンク →

Silent Librarian

Score: 3.29

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

EXOTIC LILY

Score: 8.62

Matched TTPs:

T1114 - Email Collection
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32

MITREへのリンク →

TA578

Score: 3.29

Matched TTPs:

T1114 - Email Collection

MITREへのリンク →

Leviathan

Score: 13.46

Matched TTPs:

T1484.002 - Trust Modification
T1055.014 - VDSO Hijacking
T1592.003 - Firmware
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Contagious Interview

Score: 21.66

Matched TTPs:

T1586.003 - Cloud Accounts
T1547.005 - Security Support Provider
T1021.006 - Windows Remote Management
T1218.008 - Odbcconf
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging

MITREへのリンク →

BlackByte

Score: 4.40

Matched TTPs:

T1586.003 - Cloud Accounts
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Scattered Spider

Score: 6.99

Matched TTPs:

T1547.005 - Security Support Provider
T1491 - Defacement
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Star Blizzard

Score: 6.21

Matched TTPs:

T1547.005 - Security Support Provider
T1102.003 - One-Way Communication

MITREへのリンク →

Fox Kitten

Score: 4.06

Matched TTPs:

T1491 - Defacement
T1547.013 - XDG Autostart Entries

MITREへのリンク →

UNC3886

Score: 5.63

Matched TTPs:

T1021.006 - Windows Remote Management
T1218.010 - Regsvr32

MITREへのリンク →

APT29

Score: 13.32

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

BRONZE BUTLER

Score: 6.12

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustang Panda

Score: 9.69

Matched TTPs:

T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1218.010 - Regsvr32
T1490 - Inhibit System Recovery

MITREへのリンク →

Ember Bear

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1668 - Exclusive Control

MITREへのリンク →

Turla

Score: 7.06

Matched TTPs:

T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Mustard Tempest

Score: 5.31

Matched TTPs:

T1543.002 - Systemd Service
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Play

Score: 3.44

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1152 - Launchctl
T1055.014 - VDSO Hijacking
T1490 - Inhibit System Recovery
T1114 - Email Collection
T1547.013 - XDG Autostart Entries
T1683.001 - Written Content
T1596.003 - Digital Certificates
T1132.002 - Non-Standard Encoding
T1057 - Process Discovery
T1668 - Exclusive Control
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging

MITREへのリンク →

Volt Typhoon

Score: 0.70

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1102.003 - One-Way Communication
T1114 - Email Collection
T1547.013 - XDG Autostart Entries
T1065 - Uncommonly Used Port
T1574.002 - DLL Side-Loading
T1596.003 - Digital Certificates
T1057 - Process Discovery
T1164 - Re-opened Applications
T1547.005 - Security Support Provider
T1491 - Defacement

MITREへのリンク →

LAPSUS$

Score: 0.66

Matched TTPs:

T1193 - Spearphishing Attachment
T1216.001 - PubPrn
T1218.008 - Odbcconf
T1065 - Uncommonly Used Port
T1596.004 - CDNs
T1592.003 - Firmware
T1132.002 - Non-Standard Encoding
T1547.005 - Security Support Provider

MITREへのリンク →

APT28

Score: 0.59

Matched TTPs:

T1152 - Launchctl
T1586.003 - Cloud Accounts
T1546.007 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1218.010 - Regsvr32
T1592.003 - Firmware
T1596.003 - Digital Certificates
T1057 - Process Discovery
T1668 - Exclusive Control

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る