Trusted Design

From Locky with love – reading malicious attachments

概要

Posted July 27, 2016 by Malwarebytes Labs The common way of malware distribution, used i.e. by Locky ransomware are downloader scripts. They are spread in massive spam campaigns – attached to e-mails. Using simple social engineering tricks attackers try to tempt recipients into running the attached file, that leads to downloading and deploying malicious payloads. Those scripts are most often obfuscated, using various tricks they try to hide the URL from where they get the payload. This time we will present some of the latest downloaders used to deliver Locky ransomware and show how to statically decipher their hidden URLs.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 29.72
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot
MITREへのリンク →

TA577

Score: 6.65
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 18.50
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Inception

Score: 4.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Dark Caracal

Score: 4.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Elderwood

Score: 10.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 14.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
MITREへのリンク →

Transparent Tribe

Score: 11.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 27.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 21.98
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1554 - Compromise Host Software Binary
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Sidewinder

Score: 18.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT39

Score: 12.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.002 - Authentication Package
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Saint Bear

Score: 10.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 8.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 11.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TA505

Score: 17.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 12.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules
MITREへのリンク →

APT19

Score: 8.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Fox Kitten

Score: 9.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Threat Group-3390

Score: 19.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
MITREへのリンク →

TA2541

Score: 16.44
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Malteiro

Score: 7.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
MITREへのリンク →

Magic Hound

Score: 24.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 8.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Tropic Trooper

Score: 18.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Mofang

Score: 9.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Contagious Interview

Score: 16.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Whitefly

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

menuPass

Score: 10.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1542.004 - ROMMONkit
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TeamTNT

Score: 12.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1071.003 - Mail Protocols
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Metador

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

OilRig

Score: 13.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 26.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 11.86
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Kimsuky

Score: 33.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 6.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Dragonfly

Score: 15.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1654 - Log Enumeration
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

WIRTE

Score: 4.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

RTM

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT-C-36

Score: 4.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

CURIUM

Score: 8.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
MITREへのリンク →

Gallmaker

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
MITREへのリンク →

RedCurl

Score: 17.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1209 - Time Providers
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

PLATINUM

Score: 8.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
MITREへのリンク →

TA551

Score: 7.34
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

HEXANE

Score: 7.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN8

Score: 9.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT37

Score: 13.42
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

LazyScripter

Score: 13.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 9.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
MITREへのリンク →

Wizard Spider

Score: 7.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 21.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN4

Score: 4.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 10.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

EXOTIC LILY

Score: 7.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN6

Score: 5.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
MITREへのリンク →

Patchwork

Score: 12.83
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

FIN7

Score: 27.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Gorgon Group

Score: 4.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Earth Lusca

Score: 18.69
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 8.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Tonto Team

Score: 3.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Andariel

Score: 11.19
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BRONZE BUTLER

Score: 23.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1592.004 - Client Configurations
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT38

Score: 14.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 21.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Naikon

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1209 - Time Providers
MITREへのリンク →

Mustang Panda

Score: 29.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Molerats

Score: 9.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Gamaredon Group

Score: 37.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

The White Company

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

IndigoZebra

Score: 4.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Silence

Score: 4.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Indrik Spider

Score: 3.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT29

Score: 20.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 8.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackTech

Score: 7.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Windshift

Score: 9.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cinnamon Tempest

Score: 8.31
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

LuminousMoth

Score: 10.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Evilnum

Score: 3.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT3

Score: 7.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 4.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
MITREへのリンク →

ZIRCONIUM

Score: 14.61
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Turla

Score: 18.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT42

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Scattered Spider

Score: 14.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT41

Score: 13.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Winter Vivern

Score: 6.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Agrius

Score: 3.33
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1209 - Time Providers
MITREへのリンク →

Ke3chang

Score: 4.63
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Volt Typhoon

Score: 6.70
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
MITREへのリンク →

BlackByte

Score: 8.42
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Rocke

Score: 12.68
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN13

Score: 9.30
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Medusa Group

Score: 19.95
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

Ember Bear

Score: 5.72
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
MITREへのリンク →

LAPSUS$

Score: 6.59
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
MITREへのリンク →

Aquatic Panda

Score: 5.10
Matched TTPs:
  • T1136.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

UNC3886

Score: 6.54
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1136.002 - Domain Account
  • T1059.011 - Lua
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

INC Ransom

Score: 10.69
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Storm-0501

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Akira

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Play

Score: 5.16
Matched TTPs:
  • T1552.003 - Shell History
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

HAFNIUM

Score: 5.46
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

POLONIUM

Score: 4.41
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sea Turtle

Score: 8.40
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITREへのリンク →

Axiom

Score: 11.08
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

GOLD SOUTHFIELD

Score: 5.15
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
MITREへのリンク →

Chimera

Score: 10.03
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
MITREへのリンク →

GALLIUM

Score: 3.06
Matched TTPs:
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Volatile Cedar

Score: 4.91
Matched TTPs:
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Leafminer

Score: 5.39
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
MITREへのリンク →

Daggerfly

Score: 3.90
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Gamaredon Group

Score: 0.78
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.013 - Container CLI/API
  • T1547.002 - Authentication Package
  • T1059.011 - Lua
  • T1542.004 - ROMMONkit
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
  • T1091 - Replication Through Removable Media
  • T1554 - Compromise Host Software Binary
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
MITREへのリンク →

Kimsuky

Score: 0.71
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1654 - Log Enumeration
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.002 - Authentication Package
  • T1059.011 - Lua
  • T1608.005 - Link Target
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 0.64
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.002 - Authentication Package
  • T1578.001 - Create Snapshot
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Lazarus Group

Score: 0.64
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1491.002 - External Defacement
  • T1132.001 - Standard Encoding
  • T1547.002 - Authentication Package
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1608.005 - Link Target
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
MITREへのリンク →

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.005 - Thread Local Storage
  • T1059.011 - Lua
  • T1608.005 - Link Target
  • T1209 - Time Providers
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 0.61
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1491.002 - External Defacement
  • T1547.002 - Authentication Package
  • T1542.004 - ROMMONkit
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 0.60
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1491.002 - External Defacement
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1209 - Time Providers
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 0.55
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1683 - Generate Content
  • T1566.002 - Spearphishing Link
  • T1491.002 - External Defacement
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る