Trusted Design

TA17-164A - HIDDEN COBRA DDoS Botnet Infrastructure

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.
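The alert's operational content is a list of IP addresses tied to DeltaCharlie command-and-control, to be swept against network logs. The Python below is an added example of that sweep, not code from TA17-164A or from this page: it loads an indicator CSV, matches every log line's source and destination against host and range indicators, skips unparseable lines rather than aborting, and flags how old the indicator set is. The IOC rows and log lines are constructed, and the RFC 5737 documentation addresses stand in for the real C2 addresses, which this page does not reproduce.

```python
"""Sweep firewall / flow logs for the IP indicators an alert distributes.

Added example, not code from TA17-164A or from this page. The IOC CSV and the
log lines are constructed; the RFC 5737 documentation addresses stand in for
the real DeltaCharlie C2 addresses, which this page does not reproduce.
"""
import csv
import io
import ipaddress
import re
from dataclasses import dataclass
from datetime import date

ALERT_PUBLISHED = date(2017, 6, 13)  # original release date of TA17-164A

# Constructed stand-in for the alert's indicator CSV.
IOC_CSV = """\
Indicator,Type,Description
203.0.113.45,ipv4-addr,DeltaCharlie C2 (constructed value)
198.51.100.0/24,ipv4-addr,C2 hosting range (constructed value)
192.0.2.10,ipv4-addr,DeltaCharlie C2 (constructed value)
deltacharlie.example,domain-name,not an IP; ignored by this sweep
"""

# Constructed log lines: timestamp src dst dport action. The last one is
# deliberately malformed so the sweep is seen to skip it rather than abort.
LOG_LINES = """\
2017-06-14T02:11:09Z 10.1.4.22 203.0.113.45 443 ALLOW
2017-06-14T02:11:10Z 10.1.4.22 93.184.216.34 443 ALLOW
2017-06-14T02:12:41Z 198.51.100.77 10.1.9.5 22 DENY
2017-06-14T02:13:02Z 10.1.4.22 192.0.2.10 8080 ALLOW
corrupt line that must not stop the sweep
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dport>\d+) (?P<action>\w+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    direction: str   # "outbound": indicator is the destination; "inbound": the source
    indicator: str   # the matching indicator, always in CIDR form
    description: str
    action: str      # what the firewall did; an ALLOW towards a C2 is the urgent case


def load_indicators(csv_text):
    """Parse ipv4-addr indicators into (network, description) pairs.
    Hosts become /32 networks so one membership test serves hosts and ranges."""
    nets = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Type"] != "ipv4-addr":
            continue
        nets.append((ipaddress.ip_network(row["Indicator"], strict=False),
                     row["Description"]))
    return nets


def lookup(ip_text, nets):
    """Return (indicator, description) for the first indicator containing ip_text,
    or None. Non-IP tokens (hostnames, garbage) return None instead of raising."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net, desc in nets:
        if ip in net:
            return str(net), desc
    return None


def scan_logs(log_text, nets):
    """Return a Hit for every log line whose source or destination is an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it, do not abort the sweep
        for field, direction in (("dst", "outbound"), ("src", "inbound")):
            found = lookup(m[field], nets)
            if found:
                hits.append(Hit(m["ts"], direction, found[0], found[1], m["action"]))
    return hits


def is_stale(published, as_of, max_age_days=365):
    """Infrastructure indicators age: an address from a years-old alert may have
    been reassigned. Treat hits on stale indicators as leads to verify, not as
    grounds for an automatic block."""
    return (as_of - published).days > max_age_days


if __name__ == "__main__":
    nets = load_indicators(IOC_CSV)
    flag = "stale" if is_stale(ALERT_PUBLISHED, date.today()) else "current"
    for h in scan_logs(LOG_LINES, nets):
        print(f"{h.ts} {h.direction:8} {h.indicator:18} {h.action:5} [{flag}] {h.description}")
```

The staleness flag matters for this alert in particular: its IP indicators date from 2017, so a hit today is a reason to pull the session and check the current owner of the address, not a reason to block on sight.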

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 15.23
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1056.002 - GUI Input Capture
  • T1519 - Emond
Link to MITRE →

Sandworm Team

Score: 36.90
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 8.47
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Magic Hound

Score: 25.95
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
Link to MITRE →

HAFNIUM

Score: 24.29
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1552.008 - Chat Messages
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT41

Score: 18.01
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels
Link to MITRE →

TA551

Score: 4.91
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HEXANE

Score: 11.70
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 21.03
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1056.002 - GUI Input Capture
  • T1218.009 - Regsvcs/Regasm
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver
Link to MITRE →

Gamaredon Group

Score: 12.54
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA2541

Score: 10.14
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lotus Blossom

Score: 6.96
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1056.002 - GUI Input Capture
Link to MITRE →

FIN13

Score: 21.44
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Turla

Score: 17.50
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 35.31
Matched TTPs:
  • T1099 - Timestomp
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1056.002 - GUI Input Capture
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
Link to MITRE →

FIN8

Score: 10.91
Matched TTPs:
  • T1099 - Timestomp
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

Chimera

Score: 4.99
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 5.50
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cobalt Group

Score: 8.17
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

OilRig

Score: 21.61
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Ke3chang

Score: 12.40
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT39

Score: 7.39
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Tropic Trooper

Score: 12.30
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT18

Score: 3.52
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 17.41
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Kimsuky

Score: 29.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Moonstone Sleet

Score: 14.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Indrik Spider

Score: 9.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lazarus Group

Score: 27.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Contagious Interview

Score: 21.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1565 - Data Manipulation
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

UNC3886

Score: 10.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
Link to MITRE →

LuminousMoth

Score: 7.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 17.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 10.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RedCurl

Score: 7.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1128 - Netsh Helper DLL
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cleaver

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1565 - Data Manipulation
Link to MITRE →

Moses Staff

Score: 5.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustang Panda

Score: 15.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

TeamTNT

Score: 12.35
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1519 - Emond
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Velvet Ant

Score: 9.91
Matched TTPs:
  • T1583.005 - Botnet
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT33

Score: 6.56
Matched TTPs:
  • T1583.005 - Botnet
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

DarkVishnya

Score: 3.03
Matched TTPs:
  • T1583.005 - Botnet
Link to MITRE →

APT28

Score: 37.41
Matched TTPs:
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1057 - Process Discovery
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Earth Lusca

Score: 7.75
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1546.016 - Installer Packages
Link to MITRE →

Star Blizzard

Score: 4.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1565 - Data Manipulation
Link to MITRE →

Threat Group-3390

Score: 9.82
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

SideCopy

Score: 6.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackByte

Score: 7.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 15.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

EXOTIC LILY

Score: 6.84
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1565 - Data Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

APT42

Score: 8.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
Link to MITRE →

Rocke

Score: 10.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels
Link to MITRE →

Medusa Group

Score: 24.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1056.002 - GUI Input Capture
  • T1565 - Data Manipulation
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

Storm-0501

Score: 5.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

Fox Kitten

Score: 4.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cinnamon Tempest

Score: 4.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

menuPass

Score: 3.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ToddyCat

Score: 5.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
Link to MITRE →

GALLIUM

Score: 3.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Leviathan

Score: 10.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1056.002 - GUI Input Capture
  • T1565 - Data Manipulation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

INC Ransom

Score: 4.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Dragonfly

Score: 10.39
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Axiom

Score: 9.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1160 - Launch Daemon
Link to MITRE →

MuddyWater

Score: 8.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
Link to MITRE →

LAPSUS$

Score: 3.84
Matched TTPs:
  • T1193 - Spearphishing Attachment
Link to MITRE →

Scattered Spider

Score: 10.96
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Naikon

Score: 3.37
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
Link to MITRE →

Sidewinder

Score: 4.15
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 6.89
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

Darkhotel

Score: 4.15
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ZIRCONIUM

Score: 11.52
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
Link to MITRE →

Aquatic Panda

Score: 6.52
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 4.42
Matched TTPs:
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1565 - Data Manipulation
Link to MITRE →

CURIUM

Score: 4.86
Matched TTPs:
  • T1565 - Data Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

APT37

Score: 7.31
Matched TTPs:
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Windshift

Score: 9.33
Matched TTPs:
  • T1078 - Valid Accounts
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN6

Score: 8.02
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Patchwork

Score: 5.96
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Daggerfly

Score: 3.61
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

BRONZE BUTLER

Score: 4.06
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.84
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1583.005 - Botnet
  • T1546.016 - Installer Packages
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries
  • T1565 - Data Manipulation
  • T1091 - Replication Through Removable Media
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1075 - Pass the Hash
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

APT28

Score: 0.83
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1566.003 - Spearphishing via Service
  • T1583.005 - Botnet
  • T1056.002 - GUI Input Capture
  • T1547.013 - XDG Autostart Entries
  • T1131 - Authentication Package
  • T1139 - Bash History
  • T1146 - Clear Command History
  • T1546.007 - Netsh Helper DLL
  • T1105 - Ingress Tool Transfer
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Volt Typhoon

Score: 0.82
Matched TTPs:
  • T1057 - Process Discovery
  • T1553.002 - Code Signing
  • T1546.016 - Installer Packages
  • T1049 - System Network Connections Discovery
  • T1056.002 - GUI Input Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1099 - Timestomp
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1164 - Re-opened Applications
  • T1552.008 - Chat Messages
  • T1590.006 - Network Security Appliances
Link to MITRE →

Kimsuky

Score: 0.72
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1583.005 - Botnet
  • T1547.013 - XDG Autostart Entries
  • T1565 - Data Manipulation
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1091 - Replication Through Removable Media
  • T1008 - Fallback Channels
  • T1552.003 - Shell History
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Lazarus Group

Score: 0.68
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1565 - Data Manipulation
  • T1606.002 - SAML Tokens
  • T1556 - Modify Authentication Process
  • T1105 - Ingress Tool Transfer
  • T1590.006 - Network Security Appliances
  • T1547.008 - LSASS Driver
  • T1055.005 - Thread Local Storage
Link to MITRE →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1099 - Timestomp
  • T1565 - Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1590.006 - Network Security Appliances
  • T1547.008 - LSASS Driver
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
Link to MITRE →

HAFNIUM

Score: 0.58
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1099 - Timestomp
  • T1547.013 - XDG Autostart Entries
  • T1552.008 - Chat Messages
  • T1105 - Ingress Tool Transfer
  • T1027.008 - Stripped Payloads
  • T1590.006 - Network Security Appliances
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
Link to MITRE →

Medusa Group

Score: 0.58
Matched TTPs:
  • T1218.003 - CMSTP
  • T1506 - Web Session Cookie
  • T1056.002 - GUI Input Capture
  • T1547.013 - XDG Autostart Entries
  • T1565 - Data Manipulation
  • T1590.006 - Network Security Appliances
  • T1128 - Netsh Helper DLL
  • T1552.003 - Shell History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

FIN13

Score: 0.55
Matched TTPs:
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1099 - Timestomp
  • T1547.013 - XDG Autostart Entries
  • T1552.003 - Shell History
  • T1606.002 - SAML Tokens
  • T1105 - Ingress Tool Transfer
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
Link to MITRE →
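Both the fact-based and the inference-based lists above score an actor by the techniques it shares with this Pulse, and several entries pair a revoked ATT&CK ID with its current replacement: Turla, APT28 and Kimsuky each list both T1131 and T1547.002 (Authentication Package), so one behaviour is counted twice. The Python below is an added example, not this page's scoring code (its formula is not published here). It maps revoked IDs to their replacement before intersecting, then weights each shared technique by its rarity across the actor catalogue, so a technique nearly every actor matches (T1547.013 on this page) contributes little. The actor technique lists are copied from the fact-based section for four actors; PULSE_TTPS is a constructed tag set, and REVOKED_BY is a hand-maintained subset of the real revocation table.

```python
"""Rank threat actors by ATT&CK technique overlap after normalising revoked IDs.

Added example, not the scoring this page uses (its formula is not published
here). Actor technique lists are copied from the fact-based section of this
page for four actors; PULSE_TTPS and the revoked-ID table are constructed /
partial.
"""
import math

# Revoked ATT&CK technique IDs -> the technique that replaced them.
# Hand-maintained subset for this example; in production, build it from the
# ATT&CK STIX bundle's revoked_by relationships so it stays current.
REVOKED_BY = {
    "T1131": "T1547.002",  # Authentication Package
    "T1128": "T1546.007",  # Netsh Helper DLL
    "T1099": "T1070.006",  # Timestomp
    "T1506": "T1550.004",  # Web Session Cookie
    "T1075": "T1550.002",  # Pass the Hash
    "T1139": "T1552.003",  # Bash History
    "T1146": "T1070.003",  # Clear Command History
    "T1193": "T1566.001",  # Spearphishing Attachment
    "T1171": "T1557.001",  # LLMNR/NBT-NS Poisoning and SMB Relay
}

# Matched-technique lists as printed on this page (fact-based section).
ACTOR_TTPS = {
    "Turla": ["T1099", "T1606.002", "T1131", "T1590.006", "T1547.002",
              "T1506", "T1546.016", "T1547.013"],
    "APT28": ["T1583.005", "T1140", "T1139", "T1131", "T1057", "T1056.002",
              "T1547.002", "T1146", "T1547.013", "T1105", "T1546.007",
              "T1566.003"],
    "Kimsuky": ["T1606.002", "T1583.005", "T1091", "T1140", "T1131",
                "T1590.006", "T1552.003", "T1057", "T1565", "T1547.002",
                "T1506", "T1547.013", "T1008"],
    "DarkVishnya": ["T1583.005"],
}

# Constructed technique tags for a pulse. It mixes a revoked ID (T1131) with
# its replacement (T1547.002), the situation that inflates raw overlap counts.
PULSE_TTPS = ["T1131", "T1547.002", "T1583.005", "T1547.013", "T1105", "T1140"]


def normalise(ids):
    """Map revoked IDs to their current replacement and drop duplicates."""
    return frozenset(REVOKED_BY.get(t, t) for t in ids)


def raw_overlap(pulse_ids, actor_ids):
    """Naive count: intersect the lists as printed, revoked IDs included."""
    return len(set(pulse_ids) & set(actor_ids))


def matched(pulse_ids, actor_ids):
    """Techniques shared after normalisation; one behaviour counts once."""
    return normalise(pulse_ids) & normalise(actor_ids)


def rarity_weights(catalog):
    """Inverse document frequency over the actor catalogue: a technique almost
    every actor uses is weak evidence, a rare one is strong evidence."""
    n = len(catalog)
    df = {}
    for ids in catalog.values():
        for t in normalise(ids):
            df[t] = df.get(t, 0) + 1
    return {t: math.log(n / c) for t, c in df.items()}


def rank(pulse_ids, catalog):
    """Return [(actor, score, sorted matched techniques)], best match first."""
    w = rarity_weights(catalog)
    rows = []
    for actor, ids in catalog.items():
        m = matched(pulse_ids, ids)
        rows.append((actor, round(sum(w[t] for t in m), 4), sorted(m)))
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


if __name__ == "__main__":
    for actor, ids in ACTOR_TTPS.items():
        print(f"{actor:12} raw overlap {raw_overlap(PULSE_TTPS, ids)}  "
              f"after normalisation {len(matched(PULSE_TTPS, ids))}")
    for actor, score, m in rank(PULSE_TTPS, ACTOR_TTPS):
        print(f"{actor:12} {score:6.3f}  {' '.join(m)}")
```

With this input Turla's raw overlap is 3 but only 2 distinct behaviours, and APT28 drops from 6 to 5; the rarity weighting then separates APT28 (T1105 and T1140 are shared by few actors in the catalogue) from Kimsuky, which matches mostly on the near-universal T1547.002 / T1547.013 / T1583.005 trio. Because the weights are computed over whatever catalogue is passed in, the ranking is only as meaningful as the breadth of that catalogue.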

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

