Pulse Detail-

TA17-164A: HIDDEN COBRA

概要

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

TA17-164A - HIDDEN COBRA DDoS Botnet Infrastructure (score: 0.98)
HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (score: 0.94)
TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure (score: 0.92)
Hidden Cobra (score: 0.80)
HIDDENCOBRA (score: 0.77)

このPulseに関連する脅威アクター (事実ベース)

Andariel

Score: 8.47

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1187 - Forced Authentication
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Magic Hound

Score: 23.55

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1565 - Data Manipulation
T1187 - Forced Authentication
T1547.013 - XDG Autostart Entries
T1098.002 - Additional Email Delegate Permissions
T1547.008 - LSASS Driver

MITREへのリンク →

HAFNIUM

Score: 24.29

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1099 - Timestomp
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1049 - System Network Connections Discovery
T1552.008 - Chat Messages
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT41

Score: 18.01

Matched TTPs:

T1539 - Steal Web Session Cookie
T1195.001 - Compromise Software Dependencies and Development Tools
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries
T1574.002 - DLL Side-Loading
T1008 - Fallback Channels

MITREへのリンク →

TA551

Score: 4.91

Matched TTPs:

T1539 - Steal Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

HEXANE

Score: 9.31

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1565 - Data Manipulation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT29

Score: 21.03

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1218.009 - Regsvcs/Regasm
T1547.013 - XDG Autostart Entries
T1608.006 - SEO Poisoning
T1547.008 - LSASS Driver

MITREへのリンク →

Gamaredon Group

Score: 10.14

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1056.002 - GUI Input Capture
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA2541

Score: 10.14

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lotus Blossom

Score: 9.89

Matched TTPs:

T1099 - Timestomp
T1590.006 - Network Security Appliances
T1056.002 - GUI Input Capture
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 24.37

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1144 - Gatekeeper Bypass
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer
T1569.002 - Service Execution

MITREへのリンク →

Turla

Score: 18.03

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1131 - Authentication Package
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution

MITREへのリンク →

Volt Typhoon

Score: 38.24

Matched TTPs:

T1099 - Timestomp
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1164 - Re-opened Applications
T1590.006 - Network Security Appliances
T1049 - System Network Connections Discovery
T1057 - Process Discovery
T1552.008 - Chat Messages
T1056.002 - GUI Input Capture
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1574.002 - DLL Side-Loading
T1569.002 - Service Execution

MITREへのリンク →

FIN8

Score: 10.91

Matched TTPs:

T1099 - Timestomp
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Chimera

Score: 4.99

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LazyScripter

Score: 5.50

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cobalt Group

Score: 8.17

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

OilRig

Score: 21.61

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1592.002 - Software
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Ke3chang

Score: 12.40

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 7.92

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution

MITREへのリンク →

Ember Bear

Score: 11.09

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1519 - Emond

MITREへのリンク →

Tropic Trooper

Score: 12.30

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1590.006 - Network Security Appliances
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT18

Score: 3.52

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN7

Score: 15.01

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1057 - Process Discovery
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer

MITREへのリンク →

Kimsuky

Score: 27.44

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1131 - Authentication Package
T1590.006 - Network Security Appliances
T1552.003 - Shell History
T1057 - Process Discovery
T1565 - Data Manipulation
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Moonstone Sleet

Score: 14.46

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1057 - Process Discovery
T1565 - Data Manipulation
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Indrik Spider

Score: 9.55

Matched TTPs:

T1606.002 - SAML Tokens
T1552.008 - Chat Messages
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 27.80

Matched TTPs:

T1606.002 - SAML Tokens
T1590.006 - Network Security Appliances
T1057 - Process Discovery
T1565 - Data Manipulation
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1547.008 - LSASS Driver
T1569.002 - Service Execution
T1556 - Modify Authentication Process

MITREへのリンク →

Contagious Interview

Score: 21.62

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1131 - Authentication Package
T1021.006 - Windows Remote Management
T1552.003 - Shell History
T1565 - Data Manipulation
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 10.73

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management

MITREへのリンク →

LuminousMoth

Score: 7.51

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 30.37

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1049 - System Network Connections Discovery
T1565 - Data Manipulation
T1187 - Forced Authentication
T1075 - Pass the Hash
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Salt Typhoon

Score: 17.73

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1608.002 - Upload Tool
T1556 - Modify Authentication Process

MITREへのリンク →

Play

Score: 10.23

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1552.003 - Shell History
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

RedCurl

Score: 7.51

Matched TTPs:

T1606.002 - SAML Tokens
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

Cleaver

Score: 4.44

Matched TTPs:

T1606.002 - SAML Tokens
T1565 - Data Manipulation

MITREへのリンク →

Moses Staff

Score: 5.81

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustang Panda

Score: 15.86

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

TeamTNT

Score: 12.35

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1519 - Emond
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Velvet Ant

Score: 12.84

Matched TTPs:

T1583.005 - Botnet
T1128 - Netsh Helper DLL
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT33

Score: 6.56

Matched TTPs:

T1583.005 - Botnet
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

DarkVishnya

Score: 3.03

Matched TTPs:

T1583.005 - Botnet

MITREへのリンク →

APT28

Score: 35.01

Matched TTPs:

T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1139 - Bash History
T1131 - Authentication Package
T1057 - Process Discovery
T1056.002 - GUI Input Capture
T1146 - Clear Command History
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

Earth Lusca

Score: 7.75

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1546.016 - Installer Packages

MITREへのリンク →

Star Blizzard

Score: 4.31

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation

MITREへのリンク →

Threat Group-3390

Score: 9.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries

MITREへのリンク →

SideCopy

Score: 6.12

Matched TTPs:

T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackByte

Score: 7.59

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 15.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1131 - Authentication Package
T1590.006 - Network Security Appliances
T1565 - Data Manipulation
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

EXOTIC LILY

Score: 6.84

Matched TTPs:

T1091 - Replication Through Removable Media
T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 8.09

Matched TTPs:

T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie

MITREへのリンク →

Rocke

Score: 10.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1105 - Ingress Tool Transfer
T1008 - Fallback Channels

MITREへのリンク →

Medusa Group

Score: 20.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1590.006 - Network Security Appliances
T1552.003 - Shell History
T1056.002 - GUI Input Capture
T1565 - Data Manipulation
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-0501

Score: 5.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1506 - Web Session Cookie

MITREへのリンク →

Fox Kitten

Score: 4.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1565 - Data Manipulation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cinnamon Tempest

Score: 4.77

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

menuPass

Score: 3.72

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries

MITREへのリンク →

ToddyCat

Score: 5.89

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1506 - Web Session Cookie
T1547.008 - LSASS Driver

MITREへのリンク →

GALLIUM

Score: 3.72

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leviathan

Score: 10.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1565 - Data Manipulation
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

INC Ransom

Score: 4.77

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Dragonfly

Score: 10.39

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1193 - Spearphishing Attachment
T1590.006 - Network Security Appliances
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Axiom

Score: 9.63

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1160 - Launch Daemon

MITREへのリンク →

MuddyWater

Score: 5.62

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

SilverTerrier

Score: 5.81

Matched TTPs:

T1131 - Authentication Package
T1552.003 - Shell History

MITREへのリンク →

LAPSUS$

Score: 3.84

Matched TTPs:

T1193 - Spearphishing Attachment

MITREへのリンク →

Scattered Spider

Score: 10.96

Matched TTPs:

T1590.006 - Network Security Appliances
T1144 - Gatekeeper Bypass
T1552.003 - Shell History
T1565 - Data Manipulation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Naikon

Score: 3.37

Matched TTPs:

T1590.006 - Network Security Appliances
T1506 - Web Session Cookie

MITREへのリンク →

Sidewinder

Score: 4.15

Matched TTPs:

T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Wizard Spider

Score: 6.89

Matched TTPs:

T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Darkhotel

Score: 4.15

Matched TTPs:

T1590.006 - Network Security Appliances
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Higaisa

Score: 4.40

Matched TTPs:

T1590.006 - Network Security Appliances
T1569.002 - Service Execution

MITREへのリンク →

ZIRCONIUM

Score: 9.13

Matched TTPs:

T1590.006 - Network Security Appliances
T1056.002 - GUI Input Capture
T1547.013 - XDG Autostart Entries
T1608.006 - SEO Poisoning

MITREへのリンク →

Aquatic Panda

Score: 6.52

Matched TTPs:

T1144 - Gatekeeper Bypass
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Malteiro

Score: 4.42

Matched TTPs:

T1552.003 - Shell History
T1506 - Web Session Cookie

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1565 - Data Manipulation

MITREへのリンク →

CURIUM

Score: 4.86

Matched TTPs:

T1565 - Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

APT37

Score: 4.91

Matched TTPs:

T1078 - Valid Accounts
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Windshift

Score: 9.33

Matched TTPs:

T1078 - Valid Accounts
T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 8.02

Matched TTPs:

T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Patchwork

Score: 5.96

Matched TTPs:

T1506 - Web Session Cookie
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Daggerfly

Score: 3.61

Matched TTPs:

T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-1811

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 4.06

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Ajax Security Team

Score: 3.30

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.85

Matched TTPs:

T1099 - Timestomp
T1164 - Re-opened Applications
T1590.006 - Network Security Appliances
T1140 - Deobfuscate/Decode Files or Information
T1057 - Process Discovery
T1049 - System Network Connections Discovery
T1574.002 - DLL Side-Loading
T1552.008 - Chat Messages
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution
T1056.002 - GUI Input Capture
T1553.002 - Code Signing

MITREへのリンク →

APT28

Score: 0.77

Matched TTPs:

T1583.005 - Botnet
T1546.007 - Netsh Helper DLL
T1131 - Authentication Package
T1139 - Bash History
T1566.003 - Spearphishing via Service
T1140 - Deobfuscate/Decode Files or Information
T1057 - Process Discovery
T1146 - Clear Command History
T1547.013 - XDG Autostart Entries
T1056.002 - GUI Input Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 0.70

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1565 - Data Manipulation
T1075 - Pass the Hash
T1187 - Forced Authentication
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1193 - Spearphishing Attachment
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 0.67

Matched TTPs:

T1606.002 - SAML Tokens
T1565 - Data Manipulation
T1556 - Modify Authentication Process
T1590.006 - Network Security Appliances
T1057 - Process Discovery
T1547.008 - LSASS Driver
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

Kimsuky

Score: 0.65

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1565 - Data Manipulation
T1131 - Authentication Package
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1057 - Process Discovery
T1506 - Web Session Cookie
T1008 - Fallback Channels
T1547.013 - XDG Autostart Entries
T1552.003 - Shell History

MITREへのリンク →

FIN13

Score: 0.59

Matched TTPs:

T1606.002 - SAML Tokens
T1099 - Timestomp
T1144 - Gatekeeper Bypass
T1590.006 - Network Security Appliances
T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution
T1552.003 - Shell History
T1553.002 - Code Signing
T1105 - Ingress Tool Transfer

MITREへのリンク →

HAFNIUM

Score: 0.57

Matched TTPs:

T1099 - Timestomp
T1027.008 - Stripped Payloads
T1590.006 - Network Security Appliances
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1552.008 - Chat Messages
T1547.013 - XDG Autostart Entries
T1171 - LLMNR/NBT-NS Poisoning and Relay
T1105 - Ingress Tool Transfer

MITREへのリンク →

Magic Hound

Score: 0.57

Matched TTPs:

T1099 - Timestomp
T1565 - Data Manipulation
T1187 - Forced Authentication
T1590.006 - Network Security Appliances
T1140 - Deobfuscate/Decode Files or Information
T1098.002 - Additional Email Delegate Permissions
T1547.008 - LSASS Driver
T1547.013 - XDG Autostart Entries
T1171 - LLMNR/NBT-NS Poisoning and Relay

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

TA17-164A: HIDDEN COBRA

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ