Pulse Detail-

LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America

概要

leetMX is a widespread cyber-attack campaign originating from Mexico and focused on targets in Mexico, El Salvador, and other countries in Latin America, such as Guatemala, Argentina and Costa Rica. It has been operating since November 2016 at least. We are uncertain of its objectives but estimate it is criminally motivated. leetMX infrastructure includes 27 hosts and domains used for malware delivery or for command and control. Hundreds of malware samples have been used, most are Remote Access Trojans and keyloggers. Interestingly, the attackers camouflage one of their delivery domains by redirecting visitors to El Universal, a major Mexican newspaper.

Created: 2026-02-23

Indicators

類似Pulses

FBI Cyberwatch A-000067-DM (score: 0.65)
Chinese Actors attacks on US Government and EU Media (score: 0.64)
FBI CYWATCH A-000067-DM (score: 0.64)
Tracking Elirks Variants in Japan: Similarities to Previous Attacks (score: 0.63)
New Attacks Linked to C0d0s0 Group (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 31.83

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1102 - Web Service
T1608 - Stage Capabilities
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Kimsuky

Score: 52.60

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1594 - Search Victim-Owned Websites
T1598.003 - Spearphishing Link
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1596 - Search Open Technical Databases
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol
T1102.001 - Dead Drop Resolver
T1584.001 - Domains

MITREへのリンク →

Sea Turtle

Score: 19.34

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1583.002 - DNS Server
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1203 - Exploitation for Client Execution
T1584.002 - DNS Server

MITREへのリンク →

Ember Bear

Score: 18.77

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1190 - Exploit Public-Facing Application
T1090.003 - Multi-hop Proxy
T1203 - Exploitation for Client Execution
T1595.001 - Scanning IP Blocks
T1046 - Network Service Discovery

MITREへのリンク →

Indrik Spider

Score: 13.65

Matched TTPs:

T1583 - Acquire Infrastructure
T1585.002 - Email Accounts
T1590 - Gather Victim Network Information
T1584.004 - Server
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Agrius

Score: 7.92

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Contagious Interview

Score: 31.49

Matched TTPs:

T1583 - Acquire Infrastructure
T1608.001 - Upload Malware
T1583.001 - Domains
T1681 - Search Threat Vendor Data
T1585.002 - Email Accounts
T1090 - Proxy
T1583.006 - Web Services
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1204.004 - Malicious Copy and Paste
T1566.003 - Spearphishing via Service

MITREへのリンク →

Sandworm Team

Score: 58.45

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1594 - Search Victim-Owned Websites
T1598.003 - Spearphishing Link
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1591.002 - Business Relationships
T1090 - Proxy
T1584.005 - Botnet
T1593 - Search Open Websites/Domains
T1592.002 - Software
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1499 - Endpoint Denial of Service
T1584.004 - Server
T1590.001 - Domain Properties

MITREへのリンク →

Star Blizzard

Score: 14.55

Matched TTPs:

T1583 - Acquire Infrastructure
T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1593 - Search Open Websites/Domains

MITREへのリンク →

Volt Typhoon

Score: 58.84

Matched TTPs:

T1592 - Gather Victim Host Information
T1584.008 - Network Devices
T1594 - Search Victim-Owned Websites
T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1589.002 - Email Addresses
T1590.006 - Network Security Appliances
T1090 - Proxy
T1584.005 - Botnet
T1591 - Gather Victim Org Information
T1590 - Gather Victim Network Information
T1593 - Search Open Websites/Domains
T1090.003 - Multi-hop Proxy
T1584.004 - Server
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1596.005 - Scan Databases
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Andariel

Score: 10.95

Matched TTPs:

T1590.005 - IP Addresses
T1592.002 - Software
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Magic Hound

Score: 40.22

Matched TTPs:

T1590.005 - IP Addresses
T1598.003 - Spearphishing Link
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1090 - Proxy
T1583.006 - Web Services
T1592.002 - Software
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1591.001 - Determine Physical Locations
T1566.003 - Spearphishing via Service
T1584.001 - Domains

MITREへのリンク →

HAFNIUM

Score: 25.70

Matched TTPs:

T1590.005 - IP Addresses
T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1589.002 - Email Addresses
T1592.004 - Client Configurations
T1584.005 - Botnet
T1583.006 - Web Services
T1590 - Gather Victim Network Information

MITREへのリンク →

APT41

Score: 26.80

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1203 - Exploitation for Client Execution
T1595.003 - Wordlist Scanning
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1596.005 - Scan Databases
T1569.002 - Service Execution
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TA551

Score: 6.66

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1589.002 - Email Addresses

MITREへのリンク →

APT28

Score: 41.76

Matched TTPs:

T1584.008 - Network Devices
T1598.003 - Spearphishing Link
T1040 - Network Sniffing
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1596 - Search Open Technical Databases
T1090.002 - External Proxy
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1090.003 - Multi-hop Proxy
T1546.015 - Component Object Model Hijacking
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1669 - Wi-Fi Networks

MITREへのリンク →

ZIRCONIUM

Score: 21.48

Matched TTPs:

T1584.008 - Network Devices
T1598.003 - Spearphishing Link
T1583.001 - Domains
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1102.002 - Bidirectional Communication
T1665 - Hide Infrastructure
T1124 - System Time Discovery

MITREへのリンク →

Leviathan

Score: 23.51

Matched TTPs:

T1584.008 - Network Devices
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1585.002 - Email Accounts
T1102.003 - One-Way Communication
T1090.003 - Multi-hop Proxy
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Silent Librarian

Score: 12.07

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1598.003 - Spearphishing Link
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses

MITREへのリンク →

EXOTIC LILY

Score: 26.51

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1102 - Web Service
T1597 - Search Closed Sources
T1593.001 - Social Media
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1583.006 - Web Services

MITREへのリンク →

Axiom

Score: 18.38

Matched TTPs:

T1583.002 - DNS Server
T1190 - Exploit Public-Facing Application
T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1021.001 - Remote Desktop Protocol
T1001.002 - Steganography

MITREへのリンク →

HEXANE

Score: 16.19

Matched TTPs:

T1583.002 - DNS Server
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Sidewinder

Score: 6.54

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Scattered Spider

Score: 12.50

Matched TTPs:

T1598.003 - Spearphishing Link
T1583.001 - Domains
T1090 - Proxy
T1538 - Cloud Service Dashboard
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

APT32

Score: 23.46

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1583.001 - Domains
T1589.002 - Email Addresses
T1102 - Web Service
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1046 - Network Service Discovery
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 18.96

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1591 - Gather Victim Org Information
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

CURIUM

Score: 19.80

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1583.001 - Domains
T1585.002 - Email Accounts
T1584.006 - Web Services
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dragonfly

Score: 20.06

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1591.002 - Business Relationships
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Patchwork

Score: 10.65

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1021.001 - Remote Desktop Protocol
T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT5

Score: 6.96

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Ke3chang

Score: 7.71

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1569.002 - Service Execution

MITREへのリンク →

Transparent Tribe

Score: 11.10

Matched TTPs:

T1608.004 - Drive-by Target
T1583.001 - Domains
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.001 - Domains

MITREへのリンク →

LuminousMoth

Score: 5.01

Matched TTPs:

T1608.004 - Drive-by Target
T1608.001 - Upload Malware

MITREへのリンク →

FIN7

Score: 22.33

Matched TTPs:

T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1102.002 - Bidirectional Communication
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1124 - System Time Discovery

MITREへのリンク →

Threat Group-3390

Score: 17.15

Matched TTPs:

T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1608.002 - Upload Tool
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1046 - Network Service Discovery

MITREへのリンク →

Mustard Tempest

Score: 10.06

Matched TTPs:

T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1189 - Drive-by Compromise
T1584.001 - Domains

MITREへのリンク →

Velvet Ant

Score: 8.36

Matched TTPs:

T1040 - Network Sniffing
T1569.002 - Service Execution
T1090.001 - Internal Proxy

MITREへのリンク →

Salt Typhoon

Score: 8.35

Matched TTPs:

T1040 - Network Sniffing
T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT33

Score: 4.53

Matched TTPs:

T1040 - Network Sniffing
T1203 - Exploitation for Client Execution

MITREへのリンク →

UNC3886

Score: 12.72

Matched TTPs:

T1040 - Network Sniffing
T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

DarkVishnya

Score: 4.80

Matched TTPs:

T1040 - Network Sniffing
T1046 - Network Service Discovery

MITREへのリンク →

FIN13

Score: 11.66

Matched TTPs:

T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1090.001 - Internal Proxy

MITREへのリンク →

APT29

Score: 26.20

Matched TTPs:

T1586.003 - Cloud Accounts
T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1665 - Hide Infrastructure
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA2541

Score: 5.50

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1583.006 - Web Services

MITREへのリンク →

Earth Lusca

Score: 17.53

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1090 - Proxy
T1583.006 - Web Services
T1584.006 - Web Services
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

OilRig

Score: 10.92

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1203 - Exploitation for Client Execution
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1566.003 - Spearphishing via Service

MITREへのリンク →

TeamTNT

Score: 11.91

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1102 - Web Service
T1595.001 - Scanning IP Blocks
T1046 - Network Service Discovery

MITREへのリンク →

LazyScripter

Score: 8.03

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1102 - Web Service
T1583.006 - Web Services

MITREへのリンク →

Gamaredon Group

Score: 19.64

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1090 - Proxy
T1102 - Web Service
T1583.006 - Web Services
T1102.003 - One-Way Communication
T1090.003 - Multi-hop Proxy
T1102.002 - Bidirectional Communication

MITREへのリンク →

SideCopy

Score: 5.26

Matched TTPs:

T1608.001 - Upload Malware
T1584.001 - Domains

MITREへのリンク →

TA505

Score: 3.49

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains

MITREへのリンク →

BlackByte

Score: 9.25

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

BITTER

Score: 4.98

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1203 - Exploitation for Client Execution

MITREへのリンク →

Saint Bear

Score: 8.00

Matched TTPs:

T1608.001 - Upload Malware
T1589.002 - Email Addresses
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT42

Score: 8.30

Matched TTPs:

T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1102 - Web Service

MITREへのリンク →

Rocke

Score: 9.04

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102 - Web Service
T1046 - Network Service Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

BlackTech

Score: 4.73

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1046 - Network Service Discovery

MITREへのリンク →

Medusa Group

Score: 18.46

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1585.002 - Email Accounts
T1583.006 - Web Services
T1090.003 - Multi-hop Proxy
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Fox Kitten

Score: 9.75

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1102 - Web Service
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Cinnamon Tempest

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy

MITREへのリンク →

menuPass

Score: 9.15

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1090.002 - External Proxy
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 7.86

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

GALLIUM

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy

MITREへのリンク →

Winter Vivern

Score: 8.37

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1584.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

Volatile Cedar

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1595.003 - Wordlist Scanning

MITREへのリンク →

INC Ransom

Score: 7.28

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

MuddyWater

Score: 10.12

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT39

Score: 15.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1102.002 - Bidirectional Communication
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1090.001 - Internal Proxy

MITREへのリンク →

Storm-1811

Score: 4.04

Matched TTPs:

T1583.001 - Domains
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT1

Score: 8.74

Matched TTPs:

T1583.001 - Domains
T1585.002 - Email Accounts
T1021.001 - Remote Desktop Protocol
T1584.001 - Domains

MITREへのリンク →

IndigoZebra

Score: 3.53

Matched TTPs:

T1583.001 - Domains
T1583.006 - Web Services

MITREへのリンク →

Lazarus Group

Score: 38.45

Matched TTPs:

T1583.001 - Domains
T1585.002 - Email Accounts
T1090.002 - External Proxy
T1589.002 - Email Addresses
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server
T1046 - Network Service Discovery
T1027.007 - Dynamic API Resolution
T1021.001 - Remote Desktop Protocol
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1090.001 - Internal Proxy

MITREへのリンク →

APT38

Score: 5.68

Matched TTPs:

T1583.001 - Domains
T1189 - Drive-by Compromise
T1569.002 - Service Execution

MITREへのリンク →

MoustachedBouncer

Score: 6.88

Matched TTPs:

T1659 - Content Injection
T1090 - Proxy

MITREへのリンク →

Higaisa

Score: 11.55

Matched TTPs:

T1029 - Scheduled Transfer
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Wizard Spider

Score: 6.33

Matched TTPs:

T1585.002 - Email Accounts
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

Tonto Team

Score: 4.24

Matched TTPs:

T1090.002 - External Proxy
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT3

Score: 5.89

Matched TTPs:

T1090.002 - External Proxy
T1203 - Exploitation for Client Execution
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Silence

Score: 6.79

Matched TTPs:

T1090.002 - External Proxy
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution

MITREへのリンク →

LAPSUS$

Score: 12.84

Matched TTPs:

T1589.002 - Email Addresses
T1591.002 - Business Relationships
T1090 - Proxy
T1584.002 - DNS Server

MITREへのリンク →

Turla

Score: 23.01

Matched TTPs:

T1090 - Proxy
T1102 - Web Service
T1583.006 - Web Services
T1584.006 - Web Services
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1584.004 - Server
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Windigo

Score: 4.11

Matched TTPs:

T1090 - Proxy
T1189 - Drive-by Compromise

MITREへのリンク →

POLONIUM

Score: 6.75

Matched TTPs:

T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication

MITREへのリンク →

RedCurl

Score: 4.29

Matched TTPs:

T1102 - Web Service
T1046 - Network Service Discovery

MITREへのリンク →

Inception

Score: 6.76

Matched TTPs:

T1102 - Web Service
T1090.003 - Multi-hop Proxy
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN6

Score: 10.86

Matched TTPs:

T1102 - Web Service
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN8

Score: 4.17

Matched TTPs:

T1102 - Web Service
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Lotus Blossom

Score: 7.44

Matched TTPs:

T1090.003 - Multi-hop Proxy
T1046 - Network Service Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Cobalt Group

Score: 4.91

Matched TTPs:

T1203 - Exploitation for Client Execution
T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol

MITREへのリンク →

BRONZE BUTLER

Score: 9.14

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Tropic Trooper

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1046 - Network Service Discovery

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 5.85

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Leafminer

Score: 3.53

Matched TTPs:

T1189 - Drive-by Compromise
T1046 - Network Service Discovery

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1564.005 - Hidden File System
T1090.001 - Internal Proxy

MITREへのリンク →

Chimera

Score: 8.40

Matched TTPs:

T1046 - Network Service Discovery
T1021.001 - Remote Desktop Protocol
T1569.002 - Service Execution
T1124 - System Time Discovery

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.84

Matched TTPs:

T1124 - System Time Discovery
T1596.005 - Scan Databases
T1591 - Gather Victim Org Information
T1046 - Network Service Discovery
T1584.008 - Network Devices
T1592 - Gather Victim Host Information
T1590 - Gather Victim Network Information
T1584.004 - Server
T1584.005 - Botnet
T1594 - Search Victim-Owned Websites
T1589.002 - Email Addresses
T1090.001 - Internal Proxy
T1590.004 - Network Topology
T1090.003 - Multi-hop Proxy
T1021.001 - Remote Desktop Protocol
T1593 - Search Open Websites/Domains
T1190 - Exploit Public-Facing Application
T1590.006 - Network Security Appliances
T1090 - Proxy

MITREへのリンク →

Sandworm Team

Score: 0.83

Matched TTPs:

T1584.004 - Server
T1499 - Endpoint Denial of Service
T1584.005 - Botnet
T1585.002 - Email Accounts
T1594 - Search Victim-Owned Websites
T1589.002 - Email Addresses
T1590.001 - Domain Properties
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1591.002 - Business Relationships
T1598.003 - Spearphishing Link
T1593 - Search Open Websites/Domains
T1592.002 - Software
T1203 - Exploitation for Client Execution
T1190 - Exploit Public-Facing Application
T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1102.002 - Bidirectional Communication
T1583.001 - Domains
T1090 - Proxy

MITREへのリンク →

Kimsuky

Score: 0.75

Matched TTPs:

T1591 - Gather Victim Org Information
T1557 - Adversary-in-the-Middle
T1585.002 - Email Accounts
T1594 - Search Victim-Owned Websites
T1589.002 - Email Addresses
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1021.001 - Remote Desktop Protocol
T1598.003 - Spearphishing Link
T1593 - Search Open Websites/Domains
T1584.001 - Domains
T1593.001 - Social Media
T1190 - Exploit Public-Facing Application
T1583 - Acquire Infrastructure
T1583.006 - Web Services
T1596 - Search Open Technical Databases
T1102.001 - Dead Drop Resolver
T1102.002 - Bidirectional Communication
T1583.001 - Domains

MITREへのリンク →

APT28

Score: 0.62

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1598.003 - Spearphishing Link
T1090.002 - External Proxy
T1591 - Gather Victim Org Information
T1584.008 - Network Devices
T1596 - Search Open Technical Databases
T1546.015 - Component Object Model Hijacking
T1203 - Exploitation for Client Execution
T1669 - Wi-Fi Networks
T1102.002 - Bidirectional Communication
T1583.001 - Domains
T1040 - Network Sniffing
T1189 - Drive-by Compromise
T1090.003 - Multi-hop Proxy

MITREへのリンク →

Lazarus Group

Score: 0.59

Matched TTPs:

T1583.006 - Web Services
T1027.007 - Dynamic API Resolution
T1021.001 - Remote Desktop Protocol
T1124 - System Time Discovery
T1090.002 - External Proxy
T1585.002 - Email Accounts
T1591 - Gather Victim Org Information
T1046 - Network Service Discovery
T1589.002 - Email Addresses
T1090.001 - Internal Proxy
T1566.003 - Spearphishing via Service
T1203 - Exploitation for Client Execution
T1102.002 - Bidirectional Communication
T1583.001 - Domains
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Magic Hound

Score: 0.58

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1598.003 - Spearphishing Link
T1021.001 - Remote Desktop Protocol
T1585.002 - Email Accounts
T1046 - Network Service Discovery
T1589.002 - Email Addresses
T1590.005 - IP Addresses
T1592.002 - Software
T1566.003 - Spearphishing via Service
T1584.001 - Domains
T1591.001 - Determine Physical Locations
T1102.002 - Bidirectional Communication
T1583.001 - Domains
T1189 - Drive-by Compromise
T1090 - Proxy

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ