Trusted Design

EPS Processing Zero-Days Exploited by Multiple Threat Actors

Summary

Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild. At the end of March 2017, we detected another malicious document leveraging an unknown vulnerability in EPS and a recently patched vulnerability in Windows Graphics Device Interface (GDI) to drop malware. Following the April 2017 Patch Tuesday, in which Microsoft disabled EPS, FireEye detected a second unknown vulnerability in EPS. FireEye believes that two actors – Turla and an unknown financially motivated actor – were using the first EPS zero-day (CVE-2017-0261), and APT28 was using the second EPS zero-day (CVE-2017-0262) along with a new Escalation of Privilege (EOP) zero-day (CVE-2017-0263). Turla and APT28 are Russian cyber espionage groups that have used these zero-days against European diplomatic and military entities. The unidentified financial group targeted regional and global banks with offices in the Middle East.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Turla

Score: 22.54
Matched TTPs:
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1490 - Inhibit System Recovery

Ember Bear

Score: 19.67
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1003.003 - NTDS

Sandworm Team

Score: 19.52
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1686.003 - Windows Host Firewall
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1204.001 - Malicious Link

Kimsuky

Score: 20.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery

FIN13

Score: 6.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Moonstone Sleet

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 5.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources

Lazarus Group

Score: 14.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver

Contagious Interview

Score: 13.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.008 - LSASS Driver

OilRig

Score: 23.63
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver

UNC3886

Score: 15.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell

LuminousMoth

Score: 7.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 21.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1546.018 - Python Startup Hooks
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery

Play

Score: 11.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1490 - Inhibit System Recovery

RedCurl

Score: 4.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1128 - Netsh Helper DLL

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Ke3chang

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Mustang Panda

Score: 17.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 3.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources

FIN7

Score: 15.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery

Evilnum

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot

Volt Typhoon

Score: 21.46
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1159 - Launch Agent

Darkhotel

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot

Gamaredon Group

Score: 14.51
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1200 - Hardware Additions

Storm-0501

Score: 11.12
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1204.001 - Malicious Link

APT38

Score: 16.14
Matched TTPs:
  • T1675 - ESXi Administration Command
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL

BlackByte

Score: 12.51
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link

Magic Hound

Score: 12.60
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.008 - LSASS Driver

Rocke

Score: 3.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources

Threat Group-3390

Score: 8.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship

APT28

Score: 14.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Medusa Group

Score: 23.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1204.001 - Malicious Link
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 4.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery

Cinnamon Tempest

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Agrius

Score: 3.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources

menuPass

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 8.69
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1001.001 - Junk Data

GALLIUM

Score: 8.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1174 - Password Filter DLL

Earth Lusca

Score: 9.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1562.011 - Spoof Security Alerting

Leviathan

Score: 4.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.011 - Spoof Security Alerting

INC Ransom

Score: 6.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

Dragonfly

Score: 7.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions

Axiom

Score: 6.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1160 - Launch Daemon

APT41

Score: 4.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship

HAFNIUM

Score: 4.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1490 - Inhibit System Recovery

MuddyWater

Score: 9.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1159 - Launch Agent

Patchwork

Score: 5.83
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell

TA505

Score: 10.78
Matched TTPs:
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

Wizard Spider

Score: 11.89
Matched TTPs:
  • T1059.009 - Cloud API
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link

APT32

Score: 15.91
Matched TTPs:
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1490 - Inhibit System Recovery

Aquatic Panda

Score: 6.93
Matched TTPs:
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

Gorgon Group

Score: 4.48
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

APT42

Score: 5.43
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL

Saint Bear

Score: 3.63
Matched TTPs:
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources

FIN8

Score: 5.43
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL

TA2541

Score: 7.85
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL

LAPSUS$

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT1

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Andariel

Score: 5.49
Matched TTPs:
  • T1136.002 - Domain Account
  • T1562.011 - Spoof Security Alerting

Scattered Spider

Score: 15.45
Matched TTPs:
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

BRONZE BUTLER

Score: 12.27
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1159 - Launch Agent

Akira

Score: 4.32
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources

APT33

Score: 4.98
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship

Tonto Team

Score: 3.15
Matched TTPs:
  • T1212 - Exploitation for Credential Access

HEXANE

Score: 6.75
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent

admin@338

Score: 3.15
Matched TTPs:
  • T1212 - Exploitation for Credential Access

Chimera

Score: 4.00
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship

Inception

Score: 6.75
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Storm-1811

Score: 3.37
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver

FIN6

Score: 7.92
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL

FIN10

Score: 3.52
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery

DarkHydrus

Score: 4.00
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions

Velvet Ant

Score: 11.34
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

Deep Panda

Score: 3.15
Matched TTPs:
  • T1059.004 - Unix Shell

APT3

Score: 3.15
Matched TTPs:
  • T1059.004 - Unix Shell

Daggerfly

Score: 3.29
Matched TTPs:
  • T1174 - Password Filter DLL

Tropic Trooper

Score: 14.34
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1562.011 - Spoof Security Alerting
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1490 - Inhibit System Recovery

APT37

Score: 3.03
Matched TTPs:
  • T1562.011 - Spoof Security Alerting

TA551

Score: 3.03
Matched TTPs:
  • T1562.011 - Spoof Security Alerting

SideCopy

Score: 6.88
Matched TTPs:
  • T1584.002 - DNS Server
  • T1159 - Launch Agent

Confucius

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions

Windshift

Score: 5.27
Matched TTPs:
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.83
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1005 - Data from Local System
  • T1547.008 - LSASS Driver
  • T1059.009 - Cloud API
  • T1128 - Netsh Helper DLL
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1059.004 - Unix Shell
  • T1199 - Trusted Relationship

Turla

Score: 0.83
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1212 - Exploitation for Credential Access
  • T1136.002 - Domain Account
  • T1059.009 - Cloud API
  • T1606.002 - SAML Tokens
  • T1056.001 - Keylogging
  • T1059.004 - Unix Shell
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery

Medusa Group

Score: 0.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1094 - Custom Command and Control Protocol
  • T1059.009 - Cloud API
  • T1128 - Netsh Helper DLL
  • T1199 - Trusted Relationship

APT29

Score: 0.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
  • T1546.018 - Python Startup Hooks
  • T1606.002 - SAML Tokens
  • T1592.004 - Client Configurations
  • T1490 - Inhibit System Recovery
  • T1199 - Trusted Relationship
  • T1138 - Application Shimming

Volt Typhoon

Score: 0.75
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1159 - Launch Agent
  • T1584.002 - DNS Server
  • T1212 - Exploitation for Credential Access
  • T1059.009 - Cloud API
  • T1562.009 - Safe Mode Boot
  • T1199 - Trusted Relationship

Kimsuky

Score: 0.75
Matched TTPs:
  • T1003.003 - NTDS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1092 - Communication Through Removable Media
  • T1059.009 - Cloud API
  • T1606.002 - SAML Tokens
  • T1490 - Inhibit System Recovery
  • T1199 - Trusted Relationship

Sandworm Team

Score: 0.73
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1564.008 - Email Hiding Rules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1204.001 - Malicious Link
  • T1005 - Data from Local System
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship

Ember Bear

Score: 0.70
Matched TTPs:
  • T1003.003 - NTDS
  • T1564.008 - Email Hiding Rules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1005 - Data from Local System
  • T1136.002 - Domain Account
  • T1059.009 - Cloud API

APT32

Score: 0.65
Matched TTPs:
  • T1092 - Communication Through Removable Media
  • T1059.009 - Cloud API
  • T1592.004 - Client Configurations
  • T1490 - Inhibit System Recovery
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1159 - Launch Agent
  • T1092 - Communication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1055.005 - Thread Local Storage
  • T1136.001 - Local Account

APT38

Score: 0.62
Matched TTPs:
  • T1675 - ESXi Administration Command
  • T1597 - Search Closed Sources
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1138 - Application Shimming

UNC3886

Score: 0.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1136.002 - Domain Account
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1059.004 - Unix Shell

APT28

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.003 - Spearphishing via Service
  • T1588.003 - Code Signing Certificates
  • T1200 - Hardware Additions
  • T1199 - Trusted Relationship

FIN7

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1092 - Communication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1606.002 - SAML Tokens
  • T1490 - Inhibit System Recovery
  • T1199 - Trusted Relationship

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1092 - Communication Through Removable Media
  • T1200 - Hardware Additions
  • T1059.009 - Cloud API
  • T1562.009 - Safe Mode Boot
  • T1199 - Trusted Relationship

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL

Scattered Spider

Score: 0.58
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link
  • T1552.003 - Shell History
  • T1027.002 - Software Packing
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Related CVEs

Pulse – Threat Actor Graph
