Trusted Design

From Locky with love – reading malicious attachments

概要

Posted July 27, 2016 by Malwarebytes Labs The common way of malware distribution, used i.e. by Locky ransomware are downloader scripts. They are spread in massive spam campaigns – attached to e-mails. Using simple social engineering tricks attackers try to tempt recipients into running the attached file, that leads to downloading and deploying malicious payloads. Those scripts are most often obfuscated, using various tricks they try to hide the URL from where they get the payload. This time we will present some of the latest downloaders used to deliver Locky ransomware and show how to statically decipher their hidden URLs.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 29.72
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1124 - System Time Discovery
MITREへのリンク →

TA577

Score: 6.65
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
MITREへのリンク →

Moonstone Sleet

Score: 18.50
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Inception

Score: 4.75
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Dark Caracal

Score: 4.15
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
MITREへのリンク →

Elderwood

Score: 10.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Darkhotel

Score: 14.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
MITREへのリンク →

Transparent Tribe

Score: 11.99
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 27.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1137.002 - Office Test
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 21.98
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.003 - One-Way Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
MITREへのリンク →

Sidewinder

Score: 18.87
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

APT39

Score: 12.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Saint Bear

Score: 10.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 8.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

BITTER

Score: 11.12
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TA505

Score: 17.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Higaisa

Score: 12.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
  • T1027.015 - Compression
MITREへのリンク →

APT19

Score: 8.45
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
MITREへのリンク →

Fox Kitten

Score: 9.03
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Threat Group-3390

Score: 19.88
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
MITREへのリンク →

TA2541

Score: 16.44
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
MITREへのリンク →

Malteiro

Score: 7.35
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
MITREへのリンク →

Magic Hound

Score: 24.19
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Storm-1811

Score: 8.51
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Tropic Trooper

Score: 18.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Mofang

Score: 9.21
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
MITREへのリンク →

Contagious Interview

Score: 16.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
MITREへのリンク →

Whitefly

Score: 3.16
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

menuPass

Score: 10.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TeamTNT

Score: 12.21
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1610 - Deploy Container
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Metador

Score: 4.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

OilRig

Score: 13.64
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

APT32

Score: 26.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1550.003 - Pass the Ticket
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 11.86
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Kimsuky

Score: 33.59
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1566 - Phishing
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Machete

Score: 6.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Dragonfly

Score: 15.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1598.002 - Spearphishing Attachment
  • T1564.002 - Hidden Users
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

WIRTE

Score: 4.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

RTM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT-C-36

Score: 4.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

CURIUM

Score: 8.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
MITREへのリンク →

Gallmaker

Score: 3.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

RedCurl

Score: 17.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
MITREへのリンク →

PLATINUM

Score: 8.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
MITREへのリンク →

TA551

Score: 7.34
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

HEXANE

Score: 7.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN8

Score: 9.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

APT37

Score: 13.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

LazyScripter

Score: 13.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 9.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

Wizard Spider

Score: 7.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 21.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN4

Score: 4.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Cobalt Group

Score: 10.37
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 7.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN6

Score: 5.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
MITREへのリンク →

Patchwork

Score: 12.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN7

Score: 27.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

Gorgon Group

Score: 4.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Earth Lusca

Score: 18.69
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 8.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Tonto Team

Score: 3.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Andariel

Score: 11.19
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

BRONZE BUTLER

Score: 23.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550.003 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
MITREへのリンク →

APT38

Score: 14.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1486 - Data Encrypted for Impact
  • T1189 - Drive-by Compromise
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

MuddyWater

Score: 21.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Naikon

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1046 - Network Service Discovery
MITREへのリンク →

Mustang Panda

Score: 29.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
MITREへのリンク →

Molerats

Score: 9.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
MITREへのリンク →

admin@338

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Gamaredon Group

Score: 37.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1102.003 - One-Way Communication
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
MITREへのリンク →

The White Company

Score: 5.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
MITREへのリンク →

IndigoZebra

Score: 4.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Silence

Score: 4.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Indrik Spider

Score: 3.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT29

Score: 20.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1550.003 - Pass the Ticket
  • T1583.006 - Web Services
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Confucius

Score: 8.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackTech

Score: 7.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Windshift

Score: 9.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Cinnamon Tempest

Score: 8.31
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

LuminousMoth

Score: 10.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
MITREへのリンク →

Evilnum

Score: 3.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

APT3

Score: 7.36
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

APT1

Score: 4.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
MITREへのリンク →

ZIRCONIUM

Score: 14.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

Turla

Score: 18.24
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

APT42

Score: 3.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
MITREへのリンク →

Scattered Spider

Score: 14.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT41

Score: 13.67
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Winter Vivern

Score: 6.34
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Agrius

Score: 3.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1046 - Network Service Discovery
MITREへのリンク →

Ke3chang

Score: 4.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Volt Typhoon

Score: 6.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
MITREへのリンク →

BlackByte

Score: 8.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Rocke

Score: 12.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

FIN13

Score: 9.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Medusa Group

Score: 19.95
Matched TTPs:
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1218.014 - MMC
MITREへのリンク →

Ember Bear

Score: 5.72
Matched TTPs:
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
MITREへのリンク →

LAPSUS$

Score: 6.59
Matched TTPs:
  • T1588.001 - Malware
  • T1204 - User Execution
MITREへのリンク →

Aquatic Panda

Score: 5.10
Matched TTPs:
  • T1588.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

UNC3886

Score: 6.54
Matched TTPs:
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
MITREへのリンク →

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1588.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

INC Ransom

Score: 10.69
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Storm-0501

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
MITREへのリンク →

Akira

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Play

Score: 5.16
Matched TTPs:
  • T1657 - Financial Theft
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

HAFNIUM

Score: 5.46
Matched TTPs:
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

POLONIUM

Score: 4.41
Matched TTPs:
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Sea Turtle

Score: 8.40
Matched TTPs:
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Axiom

Score: 11.08
Matched TTPs:
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
MITREへのリンク →

GOLD SOUTHFIELD

Score: 5.15
Matched TTPs:
  • T1566 - Phishing
  • T1027.010 - Command Obfuscation
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Chimera

Score: 10.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
MITREへのリンク →

GALLIUM

Score: 3.06
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Volatile Cedar

Score: 4.91
Matched TTPs:
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Leafminer

Score: 5.39
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
MITREへのリンク →

Daggerfly

Score: 3.90
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Gamaredon Group

Score: 0.78
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1608.001 - Upload Malware
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
  • T1027.004 - Compile After Delivery
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Kimsuky

Score: 0.71
Matched TTPs:
  • T1027.012 - LNK Icon Smuggling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1564.002 - Hidden Users
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1027.010 - Command Obfuscation
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1566 - Phishing
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

FIN7

Score: 0.64
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1124 - System Time Discovery
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1674 - Input Injection
  • T1566.002 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Lazarus Group

Score: 0.64
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1046 - Network Service Discovery
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1566.002 - Spearphishing Link
  • T1027.007 - Dynamic API Resolution
  • T1027.009 - Embedded Payloads
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1027.012 - LNK Icon Smuggling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT28

Score: 0.61
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1204.002 - Malicious File
  • T1137.002 - Office Test
  • T1204.001 - Malicious Link
  • T1189 - Drive-by Compromise
  • T1039 - Data from Network Shared Drive
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

APT32

Score: 0.60
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1189 - Drive-by Compromise
  • T1550.003 - Pass the Ticket
  • T1566.002 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Magic Hound

Score: 0.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1046 - Network Service Discovery
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1189 - Drive-by Compromise
  • T1566.002 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1598.003 - Spearphishing Link
  • T1573 - Encrypted Channel
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る