Trusted Design

MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS AND FOREIGN POLICY INSTITUTIONS

概要

On August 4, 2016, the Gmail account of an unknown individual was compromised in order to conduct spearphishing campaigns against a diverse set of targets related to Iran. The spearphishing attempt posed as a message from the Director of United for Iran, a U.S.-based human rights organization, claiming that the organization had developed a secure communications tool for activists. The message was sent from an account created under her name on lesser known email provider (1&1’s Mail.com), a common tactic in recent months, with a link to a file hosted on Dropbox and an additional credential phishing attempt. Once the observed Gmail account was under their control, the actors then forwarded malware to over a hundred of their contacts, ranging from an address for the United Nations Refugee Agency in Turkey to a site contact for Reza Pahlavi, the son of the deposed Shah Mohammad Reza Pahlavi.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

LAPSUS$

Score: 32.09
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1619 - Cloud Storage Object Discovery
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Contagious Interview

Score: 32.36
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ember Bear

Score: 9.25
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1218.010 - Regsvr32
MITREへのリンク →

Sandworm Team

Score: 54.15
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1546.008 - Accessibility Features
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 22.71
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
MITREへのリンク →

Magic Hound

Score: 36.99
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1578.002 - Create Cloud Instance
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1053.002 - At
MITREへのリンク →

Scattered Spider

Score: 44.68
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1498 - Network Denial of Service
  • T1027.002 - Software Packing
MITREへのリンク →

Kimsuky

Score: 67.37
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1546.008 - Accessibility Features
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1001 - Data Obfuscation
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Volt Typhoon

Score: 23.82
Matched TTPs:
  • T1114 - Email Collection
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
MITREへのリンク →

EXOTIC LILY

Score: 21.61
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 23.87
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

BlackTech

Score: 6.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 10.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LuminousMoth

Score: 9.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 7.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mofang

Score: 6.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Sidewinder

Score: 11.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Elderwood

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 29.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
MITREへのリンク →

Mustard Tempest

Score: 8.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Transparent Tribe

Score: 8.46
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Mustang Panda

Score: 24.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 7.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 19.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

APT3

Score: 7.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 8.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1053.002 - At
MITREへのリンク →

Lazarus Group

Score: 32.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT33

Score: 6.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

ZIRCONIUM

Score: 15.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Molerats

Score: 6.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

OilRig

Score: 26.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1055.012 - Process Hollowing
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
MITREへのリンク →

Windshift

Score: 6.20
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 8.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT29

Score: 25.05
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN4

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 17.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Earth Lusca

Score: 14.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

RedCurl

Score: 13.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
  • T1128 - Netsh Helper DLL
  • T1055.009 - Proc Memory
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 20.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
MITREへのリンク →

Turla

Score: 21.99
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1055.012 - Process Hollowing
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Wizard Spider

Score: 14.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

TA577

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Patchwork

Score: 11.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA505

Score: 6.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 7.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 16.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

APT39

Score: 9.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

APT28

Score: 32.25
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Star Blizzard

Score: 18.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
MITREへのリンク →

Moonstone Sleet

Score: 21.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

CURIUM

Score: 11.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 19.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1546.016 - Installer Packages
MITREへのリンク →

Saint Bear

Score: 13.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Tropic Trooper

Score: 5.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
MITREへのリンク →

FIN6

Score: 11.49
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

BRONZE BUTLER

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

menuPass

Score: 7.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
MITREへのリンク →

Threat Group-3390

Score: 18.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
MITREへのリンク →

Gamaredon Group

Score: 16.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

BITTER

Score: 7.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA551

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
MITREへのリンク →

APT41

Score: 14.18
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
MITREへのリンク →

Winter Vivern

Score: 7.95
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 7.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
MITREへのリンク →

Gorgon Group

Score: 4.88
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
MITREへのリンク →

SideCopy

Score: 13.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1053.002 - At
MITREへのリンク →

Andariel

Score: 6.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Silence

Score: 4.12
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

IndigoZebra

Score: 6.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

APT38

Score: 5.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

APT-C-36

Score: 3.82
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
MITREへのリンク →

HEXANE

Score: 19.94
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
MITREへのリンク →

BlackByte

Score: 7.52
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1001 - Data Obfuscation
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Medusa Group

Score: 16.95
Matched TTPs:
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

UNC3886

Score: 11.16
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1055.015 - ListPlanting
MITREへのリンク →

Indrik Spider

Score: 8.96
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
MITREへのリンク →

HAFNIUM

Score: 7.28
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
MITREへのリンク →

Aquatic Panda

Score: 6.79
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
MITREへのリンク →

FIN13

Score: 9.31
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

Carbanak

Score: 5.34
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Storm-0501

Score: 12.60
Matched TTPs:
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1090.004 - Domain Fronting
  • T1055.009 - Proc Memory
MITREへのリンク →

INC Ransom

Score: 12.90
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1055.009 - Proc Memory
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Cinnamon Tempest

Score: 3.37
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Play

Score: 3.37
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

POLONIUM

Score: 8.01
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Sea Turtle

Score: 8.37
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
MITREへのリンク →

Ke3chang

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Chimera

Score: 7.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1055.012 - Process Hollowing
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Salt Typhoon

Score: 4.69
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
MITREへのリンク →

Blue Mockingbird

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Axiom

Score: 4.78
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
MITREへのリンク →

Velvet Ant

Score: 9.28
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Daggerfly

Score: 4.19
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.84
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1588.001 - Malware
  • T1114 - Email Collection
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1134.002 - Create Process with Token
  • T1053.002 - At
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1546.008 - Accessibility Features
  • T1001 - Data Obfuscation
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Sandworm Team

Score: 0.72
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1114 - Email Collection
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1122 - Component Object Model Hijacking
  • T1134.002 - Create Process with Token
  • T1564.008 - Email Hiding Rules
  • T1102.003 - One-Way Communication
  • T1546.016 - Installer Packages
  • T1193 - Spearphishing Attachment
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1484.002 - Trust Modification
  • T1199 - Trusted Relationship
  • T1546.008 - Accessibility Features
  • T1187 - Forced Authentication
  • T1027.018 - Invisible Unicode
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

Scattered Spider

Score: 0.59
Matched TTPs:
  • T1583.001 - Domains
  • T1498 - Network Denial of Service
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1019 - System Firmware
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1578 - Modify Cloud Compute Infrastructure
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing
  • T1144 - Gatekeeper Bypass
  • T1090.004 - Domain Fronting
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る