Trusted Design

Recent Coordinated Attack on Security Infrastructure

Summary

The included indicators were observed in a coordinated attack to gain access to a managed security provider over the previous 3-day timeframe. Instead of blocking, the MSSP wrote a script and redirected the attackers to honeypots to observe the activity that the actors were trying to carry out. An additional report will be published by Jigsaw Security Enterprise Inc. in the coming days outlining the entire observation; it will include some binary samples, MD5 hashes and similar data to allow others being attacked to protect their networks. Jigsaw Security was not the intended target of this attack. We were called in by one of our Jigsaw Enterprise Platform users after they noticed suspicious activity on a database server.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 16.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1654 - Log Enumeration
  • T1550.002 - Pass the Hash

Sandworm Team

Score: 22.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1592.002 - Software
  • T1499 - Endpoint Denial of Service

BRONZE BUTLER

Score: 12.35
Matched TTPs:
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1102.001 - Dead Drop Resolver

TeamTNT

Score: 9.20
Matched TTPs:
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1518.001 - Security Software Discovery

OilRig

Score: 9.98
Matched TTPs:
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Turla

Score: 8.78
Matched TTPs:
  • T1007 - System Service Discovery
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery

Aquatic Panda

Score: 13.20
Matched TTPs:
  • T1007 - System Service Discovery
  • T1595.002 - Vulnerability Scanning
  • T1654 - Log Enumeration
  • T1518.001 - Security Software Discovery
  • T1550.002 - Pass the Hash

Kimsuky

Score: 11.92
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery
  • T1550.002 - Pass the Hash
  • T1102.001 - Dead Drop Resolver

Chimera

Score: 7.86
Matched TTPs:
  • T1007 - System Service Discovery
  • T1550.002 - Pass the Hash
  • T1124 - System Time Discovery

Ke3chang

Score: 3.99
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application

Earth Lusca

Score: 8.35
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1189 - Drive-by Compromise

Volt Typhoon

Score: 18.69
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1590.006 - Network Security Appliances
  • T1654 - Log Enumeration
  • T1596.005 - Scan Databases
  • T1124 - System Time Discovery

APT1

Score: 5.27
Matched TTPs:
  • T1007 - System Service Discovery
  • T1550.002 - Pass the Hash

Rocke

Score: 9.32
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery
  • T1564.001 - Hidden Files and Directories
  • T1102.001 - Dead Drop Resolver

Threat Group-3390

Score: 3.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise

FIN7

Score: 6.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1564.001 - Hidden Files and Directories
  • T1124 - System Time Discovery

APT28

Score: 26.23
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion

FIN13

Score: 9.07
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1550.002 - Pass the Hash
  • T1564.001 - Hidden Files and Directories

Magic Hound

Score: 12.20
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1592.002 - Software
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Medusa Group

Score: 3.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery

Storm-0501

Score: 11.35
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
  • T1537 - Transfer Data to Cloud Account

BlackByte

Score: 3.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery

Agrius

Score: 3.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

menuPass

Score: 3.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading

ToddyCat

Score: 5.89
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service

GALLIUM

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1550.002 - Pass the Hash

Winter Vivern

Score: 8.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1189 - Drive-by Compromise

APT29

Score: 6.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1566.003 - Spearphishing via Service

Leviathan

Score: 5.83
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1189 - Drive-by Compromise

Volatile Cedar

Score: 4.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning

INC Ransom

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1537 - Transfer Data to Cloud Account

UNC3886

Score: 8.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1124 - System Time Discovery

Dragonfly

Score: 9.67
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1189 - Drive-by Compromise

Axiom

Score: 3.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise

APT41

Score: 18.36
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1562.006 - Indicator Blocking
  • T1550.002 - Pass the Hash
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver

Play

Score: 3.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery

HAFNIUM

Score: 8.27
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token

APT5

Score: 12.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1070 - Indicator Removal
  • T1654 - Log Enumeration

MuddyWater

Score: 3.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery

Salt Typhoon

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT32

Score: 12.11
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Contagious Interview

Score: 11.59
Matched TTPs:
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

ZIRCONIUM

Score: 4.78
Matched TTPs:
  • T1036 - Masquerading
  • T1124 - System Time Discovery

Windshift

Score: 8.37
Matched TTPs:
  • T1036 - Masquerading
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Storm-1811

Score: 4.71
Matched TTPs:
  • T1036 - Masquerading
  • T1566.003 - Spearphishing via Service

PLATINUM

Score: 3.95
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise

LAPSUS$

Score: 3.84
Matched TTPs:
  • T1591.002 - Business Relationships

APT42

Score: 5.52
Matched TTPs:
  • T1070 - Indicator Removal
  • T1518.001 - Security Software Discovery

Mustang Panda

Score: 16.61
Matched TTPs:
  • T1070 - Indicator Removal
  • T1654 - Log Enumeration
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Lazarus Group

Score: 20.05
Matched TTPs:
  • T1070 - Indicator Removal
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Andariel

Score: 5.61
Matched TTPs:
  • T1592.002 - Software
  • T1189 - Drive-by Compromise

Darkhotel

Score: 6.26
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery

Sidewinder

Score: 4.49
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1124 - System Time Discovery

APT38

Score: 8.20
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1036.006 - Space after Filename

FIN8

Score: 4.65
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

The White Company

Score: 4.49
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1124 - System Time Discovery

Wizard Spider

Score: 7.39
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1550.002 - Pass the Hash
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 6.95
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Tropic Trooper

Score: 4.57
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1564.001 - Hidden Files and Directories

Scattered Spider

Score: 8.67
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1538 - Cloud Service Dashboard

RedCurl

Score: 6.51
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1564.001 - Hidden Files and Directories

Transparent Tribe

Score: 4.43
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

CURIUM

Score: 6.88
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service

FIN6

Score: 5.27
Matched TTPs:
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1211 - Exploitation for Defense Evasion

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.84
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1036 - Masquerading
  • T1550.001 - Application Access Token
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash
  • T1211 - Exploitation for Defense Evasion
  • T1190 - Exploit Public-Facing Application
  • T1669 - Wi-Fi Networks
  • T1595.002 - Vulnerability Scanning

Sandworm Team

Score: 0.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1036 - Masquerading
  • T1591.002 - Business Relationships
  • T1499 - Endpoint Denial of Service
  • T1190 - Exploit Public-Facing Application
  • T1592.002 - Software
  • T1595.002 - Vulnerability Scanning

Lazarus Group

Score: 0.65
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1124 - System Time Discovery
  • T1564.001 - Hidden Files and Directories
  • T1566.003 - Spearphishing via Service
  • T1070 - Indicator Removal
  • T1189 - Drive-by Compromise
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT41

Score: 0.64
Matched TTPs:
  • T1550.002 - Pass the Hash
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1562.006 - Indicator Blocking
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver

Volt Typhoon

Score: 0.61
Matched TTPs:
  • T1124 - System Time Discovery
  • T1007 - System Service Discovery
  • T1654 - Log Enumeration
  • T1190 - Exploit Public-Facing Application
  • T1590.006 - Network Security Appliances
  • T1596.005 - Scan Databases

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1070 - Indicator Removal
  • T1654 - Log Enumeration
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

