Trusted Design

Recent Coordinated Attack on Security Infrastructure

概要

The included indicators were observed in a coordinated attack to gain access to a managed security provider over the previous 3 day timeframe. Instead of blocking the MSSP wrote a script and redirected the attackers to honeypots to observe the activity that the actors were trying to carry out. An additional report will be published by Jigsaw Security Enterprise Inc in the coming days outlining the entire observation and will include some binary samples, MD5 hashes and similar data to allow others being attacked to protect their networks. Jigsaw Security was not the intended target of this attack. We were called in by one of our Jigsaw Enterprise Platform users after they noticed suspicious activity on a database server.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Tick cyberespionage group zeros in on Japan (score: 0.63)
Shamoon is back (score: 0.59)
RSA IR: An APT Case Study (score: 0.59)
Indian organizations targeted in Suckfly attacks (score: 0.58)
FBI CYWATCH A-000067-DM (score: 0.58)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 16.57

Matched TTPs:

T1564.008 - Email Hiding Rules
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1102 - Web Service
T1668 - Exclusive Control

MITREへのリンク →

Sandworm Team

Score: 22.61

Matched TTPs:

T1564.008 - Email Hiding Rules
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1193 - Spearphishing Attachment
T1187 - Forced Authentication
T1075 - Pass the Hash

MITREへのリンク →

BRONZE BUTLER

Score: 12.35

Matched TTPs:

T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1008 - Fallback Channels

MITREへのリンク →

TeamTNT

Score: 9.20

Matched TTPs:

T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1506 - Web Session Cookie

MITREへのリンク →

OilRig

Score: 9.98

Matched TTPs:

T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Turla

Score: 8.78

Matched TTPs:

T1003.007 - Proc Filesystem
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Aquatic Panda

Score: 13.20

Matched TTPs:

T1003.007 - Proc Filesystem
T1562.004 - Disable or Modify System Firewall
T1102 - Web Service
T1506 - Web Session Cookie
T1668 - Exclusive Control

MITREへのリンク →

Kimsuky

Score: 11.92

Matched TTPs:

T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie
T1668 - Exclusive Control
T1008 - Fallback Channels

MITREへのリンク →

Chimera

Score: 7.86

Matched TTPs:

T1003.007 - Proc Filesystem
T1668 - Exclusive Control
T1578.001 - Create Snapshot

MITREへのリンク →

Ke3chang

Score: 3.99

Matched TTPs:

T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Earth Lusca

Score: 8.35

Matched TTPs:

T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volt Typhoon

Score: 18.69

Matched TTPs:

T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1164 - Re-opened Applications
T1102 - Web Service
T1574.002 - DLL Side-Loading
T1578.001 - Create Snapshot

MITREへのリンク →

APT1

Score: 5.27

Matched TTPs:

T1003.007 - Proc Filesystem
T1668 - Exclusive Control

MITREへのリンク →

Rocke

Score: 9.32

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie
T1105 - Ingress Tool Transfer
T1008 - Fallback Channels

MITREへのリンク →

Threat Group-3390

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN7

Score: 6.73

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1105 - Ingress Tool Transfer
T1578.001 - Create Snapshot

MITREへのリンク →

APT28

Score: 26.23

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1059.012 - Hypervisor CLI
T1668 - Exclusive Control
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN13

Score: 9.07

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1668 - Exclusive Control
T1105 - Ingress Tool Transfer

MITREへのリンク →

Magic Hound

Score: 12.20

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1187 - Forced Authentication
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 3.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Storm-0501

Score: 11.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie
T1090.004 - Domain Fronting
T1055.009 - Proc Memory

MITREへのリンク →

BlackByte

Score: 3.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Agrius

Score: 3.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

menuPass

Score: 3.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

ToddyCat

Score: 5.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie
T1547.008 - LSASS Driver

MITREへのリンク →

GALLIUM

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1668 - Exclusive Control

MITREへのリンク →

Winter Vivern

Score: 8.01

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT29

Score: 6.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1547.008 - LSASS Driver

MITREへのリンク →

Leviathan

Score: 5.83

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volatile Cedar

Score: 4.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall

MITREへのリンク →

INC Ransom

Score: 5.31

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1055.009 - Proc Memory

MITREへのリンク →

UNC3886

Score: 8.19

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1578.001 - Create Snapshot

MITREへのリンク →

Dragonfly

Score: 9.67

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1193 - Spearphishing Attachment
T1059.012 - Hypervisor CLI

MITREへのリンク →

Axiom

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT41

Score: 18.36

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1578.003 - Delete Cloud Instance
T1668 - Exclusive Control
T1574.002 - DLL Side-Loading
T1008 - Fallback Channels

MITREへのリンク →

Play

Score: 3.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

HAFNIUM

Score: 8.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT5

Score: 12.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1578.003 - Delete Cloud Instance
T1677 - Poisoned Pipeline Execution
T1102 - Web Service

MITREへのリンク →

MuddyWater

Score: 3.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Salt Typhoon

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1556 - Modify Authentication Process

MITREへのリンク →

APT32

Score: 12.11

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI
T1668 - Exclusive Control
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

Contagious Interview

Score: 11.59

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1021.006 - Windows Remote Management
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

ZIRCONIUM

Score: 4.78

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1578.001 - Create Snapshot

MITREへのリンク →

Windshift

Score: 8.37

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Storm-1811

Score: 4.71

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1547.008 - LSASS Driver

MITREへのリンク →

PLATINUM

Score: 3.95

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1193 - Spearphishing Attachment

MITREへのリンク →

APT42

Score: 5.52

Matched TTPs:

T1677 - Poisoned Pipeline Execution
T1506 - Web Session Cookie

MITREへのリンク →

Mustang Panda

Score: 16.61

Matched TTPs:

T1677 - Poisoned Pipeline Execution
T1102 - Web Service
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

Lazarus Group

Score: 20.05

Matched TTPs:

T1677 - Poisoned Pipeline Execution
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Andariel

Score: 5.61

Matched TTPs:

T1187 - Forced Authentication
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 6.26

Matched TTPs:

T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Sidewinder

Score: 4.49

Matched TTPs:

T1506 - Web Session Cookie
T1578.001 - Create Snapshot

MITREへのリンク →

APT38

Score: 8.20

Matched TTPs:

T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1059.005 - Visual Basic

MITREへのリンク →

FIN8

Score: 4.65

Matched TTPs:

T1506 - Web Session Cookie
T1556 - Modify Authentication Process

MITREへのリンク →

The White Company

Score: 4.49

Matched TTPs:

T1506 - Web Session Cookie
T1578.001 - Create Snapshot

MITREへのリンク →

Wizard Spider

Score: 7.39

Matched TTPs:

T1506 - Web Session Cookie
T1668 - Exclusive Control
T1556 - Modify Authentication Process

MITREへのリンク →

Patchwork

Score: 6.95

Matched TTPs:

T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Tropic Trooper

Score: 4.57

Matched TTPs:

T1506 - Web Session Cookie
T1105 - Ingress Tool Transfer

MITREへのリンク →

Scattered Spider

Score: 8.67

Matched TTPs:

T1090.004 - Domain Fronting
T1027.002 - Software Packing

MITREへのリンク →

RedCurl

Score: 6.51

Matched TTPs:

T1055.009 - Proc Memory
T1105 - Ingress Tool Transfer

MITREへのリンク →

Transparent Tribe

Score: 4.43

Matched TTPs:

T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 6.88

Matched TTPs:

T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 5.27

Matched TTPs:

T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.84

Matched TTPs:

T1546.007 - Netsh Helper DLL
T1140 - Deobfuscate/Decode Files or Information
T1055.008 - Ptrace System Calls
T1668 - Exclusive Control
T1562.004 - Disable or Modify System Firewall
T1059.012 - Hypervisor CLI
T1558 - Steal or Forge Kerberos Tickets
T1566.003 - Spearphishing via Service
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 0.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1564.008 - Email Hiding Rules
T1187 - Forced Authentication
T1562.004 - Disable or Modify System Firewall
T1193 - Spearphishing Attachment
T1075 - Pass the Hash
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1677 - Poisoned Pipeline Execution
T1547.008 - LSASS Driver
T1059.012 - Hypervisor CLI
T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1578.001 - Create Snapshot

MITREへのリンク →

APT41

Score: 0.64

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1578.003 - Delete Cloud Instance
T1008 - Fallback Channels
T1668 - Exclusive Control
T1562.004 - Disable or Modify System Firewall
T1574.002 - DLL Side-Loading

MITREへのリンク →

Volt Typhoon

Score: 0.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1164 - Re-opened Applications
T1003.007 - Proc Filesystem
T1574.002 - DLL Side-Loading
T1102 - Web Service
T1578.001 - Create Snapshot

MITREへのリンク →

Mustang Panda

Score: 0.56

Matched TTPs:

T1677 - Poisoned Pipeline Execution
T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1102 - Web Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る