
Veil-Framework Infects Victims of Targeted OWA Phishing Attack

Summary

Proofpoint researchers recently observed a novel targeted phishing attack that combined Outlook Web Access (OWA) credential phishing with a malicious document download. In May we also observed an Office 365 credential phishing attack leading to iSpy Keylogger [1], but the combination of OWA phishing with this infection chain takes a different approach. While it is not clear whether the primary goal of the attack was delivering the malicious payload or capturing the targets' OWA credentials, this attack used an OWA credential phish to additionally push a malicious document carrying a Veil-Framework payload capable of downloading further malware.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Contagious Interview

Score: 26.10
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1030 - Data Transfer Size Limits
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Scattered Spider

Score: 34.29
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1556.008 - Network Provider DLL
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
Link to MITRE →

FIN4

Score: 14.61
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1204.003 - Malicious Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Volt Typhoon

Score: 6.14
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1134.002 - Create Process with Token
Link to MITRE →

APT28

Score: 41.31
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1204.003 - Malicious Image
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1588.003 - Code Signing Certificates
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL
Link to MITRE →

ZIRCONIUM

Score: 14.34
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leviathan

Score: 29.45
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustard Tempest

Score: 16.68
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sandworm Team

Score: 24.27
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackTech

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

MuddyWater

Score: 7.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

LuminousMoth

Score: 12.14
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
Link to MITRE →

Confucius

Score: 10.34
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mofang

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

Kimsuky

Score: 46.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1204.003 - Malicious Image
  • T1027.014 - Polymorphic Code
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sidewinder

Score: 11.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

Elderwood

Score: 6.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Machete

Score: 5.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN7

Score: 15.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

Transparent Tribe

Score: 9.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustang Panda

Score: 22.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN8

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT32

Score: 25.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1131 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT3

Score: 4.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT1

Score: 9.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1204.003 - Malicious Image
Link to MITRE →

Lazarus Group

Score: 22.90
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
Link to MITRE →

APT33

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

EXOTIC LILY

Score: 12.51
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Molerats

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

Magic Hound

Score: 25.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1204.003 - Malicious Image
  • T1592.003 - Firmware
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

OilRig

Score: 22.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Windshift

Score: 7.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Cobalt Group

Score: 7.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT29

Score: 21.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1204.003 - Malicious Image
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA2541

Score: 8.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Earth Lusca

Score: 12.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

RedCurl

Score: 7.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode
Link to MITRE →

Storm-1811

Score: 16.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
Link to MITRE →

Turla

Score: 22.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

Wizard Spider

Score: 9.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA577

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
Link to MITRE →

Patchwork

Score: 9.40
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA505

Score: 6.14
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1027.018 - Invisible Unicode
Link to MITRE →

LazyScripter

Score: 8.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT42

Score: 6.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits
Link to MITRE →

APT39

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silent Librarian

Score: 14.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
Link to MITRE →

Star Blizzard

Score: 19.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1204.003 - Malicious Image
  • T1168 - Local Job Scheduling
Link to MITRE →

Moonstone Sleet

Score: 14.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

CURIUM

Score: 16.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 23.20
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1657 - Financial Theft
  • T1204.003 - Malicious Image
  • T1531 - Account Access Removal
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
Link to MITRE →

Saint Bear

Score: 11.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
Link to MITRE →

Tropic Trooper

Score: 8.19
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN6

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
Link to MITRE →

BRONZE BUTLER

Score: 4.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

WIRTE

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
Link to MITRE →

Threat Group-3390

Score: 7.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gamaredon Group

Score: 11.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
Link to MITRE →

Darkhotel

Score: 4.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Inception

Score: 8.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
Link to MITRE →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
Link to MITRE →

TA551

Score: 6.14
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
Link to MITRE →

APT41

Score: 5.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Winter Vivern

Score: 12.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Higaisa

Score: 6.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
Link to MITRE →

APT19

Score: 5.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
Link to MITRE →

SideCopy

Score: 4.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
Link to MITRE →

Andariel

Score: 6.59
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT37

Score: 4.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

IndigoZebra

Score: 5.55
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
Link to MITRE →

APT38

Score: 4.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

DarkHydrus

Score: 8.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
  • T1200 - Hardware Additions
Link to MITRE →

HEXANE

Score: 11.10
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
Link to MITRE →

LAPSUS$

Score: 26.23
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1556.008 - Network Provider DLL
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Ember Bear

Score: 7.80
Matched TTPs:
  • T1005 - Data from Local System
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
Link to MITRE →

Medusa Group

Score: 11.36
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

HAFNIUM

Score: 9.87
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1204.003 - Malicious Image
  • T1490 - Inhibit System Recovery
Link to MITRE →

UNC3886

Score: 3.95
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
Link to MITRE →

INC Ransom

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

FIN13

Score: 7.06
Matched TTPs:
  • T1552.003 - Shell History
  • T1686.001 - Cloud Firewall
Link to MITRE →

Storm-0501

Score: 9.40
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1090.004 - Domain Fronting
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Play

Score: 5.19
Matched TTPs:
  • T1552.003 - Shell History
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sea Turtle

Score: 7.44
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
Link to MITRE →

Axiom

Score: 6.54
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Chimera

Score: 6.11
Matched TTPs:
  • T1204.003 - Malicious Image
  • T1592.003 - Firmware
Link to MITRE →

Leafminer

Score: 4.43
Matched TTPs:
  • T1204.003 - Malicious Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Daggerfly

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1134.002 - Create Process with Token
  • T1197 - BITS Jobs
  • T1490 - Inhibit System Recovery
  • T1183 - Image File Execution Options Injection
  • T1204.003 - Malicious Image
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1131 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1030 - Data Transfer Size Limits
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1546.008 - Accessibility Features
Link to MITRE →

APT28

Score: 0.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1200 - Hardware Additions
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1204.003 - Malicious Image
  • T1592.003 - Firmware
  • T1588.003 - Code Signing Certificates
  • T1131 - Authentication Package
  • T1024 - Custom Cryptographic Protocol
  • T1546.007 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
  • T1608.005 - Link Target
  • T1598.003 - Spearphishing Link
  • T1685.001 - Disable or Modify Windows Event Log
  • T1218.010 - Regsvr32
Link to MITRE →

Scattered Spider

Score: 0.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1666 - Modify Cloud Resource Hierarchy
  • T1197 - BITS Jobs
  • T1556.008 - Network Provider DLL
  • T1090.004 - Domain Fronting
  • T1019 - System Firmware
  • T1619 - Cloud Storage Object Discovery
  • T1030 - Data Transfer Size Limits
  • T1136.002 - Domain Account
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
