Pulse Detail-

LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America

概要

leetMX is a widespread cyber-attack campaign originating from Mexico and focused on targets in Mexico, El Salvador, and other countries in Latin America, such as Guatemala, Argentina and Costa Rica. It has been operating since November 2016 at least. We are uncertain of its objectives but estimate it is criminally motivated. leetMX infrastructure includes 27 hosts and domains used for malware delivery or for command and control. Hundreds of malware samples have been used, most are Remote Access Trojans and keyloggers. Interestingly, the attackers camouflage one of their delivery domains by redirecting visitors to El Universal, a major Mexican newspaper.

Created: 2026-02-23

Indicators

類似Pulses

FBI Cyberwatch A-000067-DM (score: 0.65)
Chinese Actors attacks on US Government and EU Media (score: 0.64)
FBI CYWATCH A-000067-DM (score: 0.64)
Tracking Elirks Variants in Japan: Similarities to Previous Attacks (score: 0.63)
New Attacks Linked to C0d0s0 Group (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 31.83

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1612 - Build Image on Host
T1569.001 - Launchctl
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1218.010 - Regsvr32
T1209 - Time Providers
T1055.005 - Thread Local Storage

MITREへのリンク →

Kimsuky

Score: 52.60

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1033 - System Owner/User Discovery
T1114 - Email Collection
T1566.002 - Spearphishing Link
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1152 - Launchctl
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1608.005 - Link Target
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1547.002 - Authentication Package
T1622 - Debugger Evasion
T1008 - Fallback Channels
T1053.002 - At

MITREへのリンク →

Sea Turtle

Score: 19.34

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1033 - System Owner/User Discovery
T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32
T1137.004 - Outlook Home Page

MITREへのリンク →

Ember Bear

Score: 18.77

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1140 - Deobfuscate/Decode Files or Information
T1056.002 - GUI Input Capture
T1218.010 - Regsvr32
T1519 - Emond
T1209 - Time Providers

MITREへのリンク →

Indrik Spider

Score: 13.65

Matched TTPs:

T1033 - System Owner/User Discovery
T1183 - Image File Execution Options Injection
T1552.008 - Chat Messages
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Agrius

Score: 7.92

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1622 - Debugger Evasion

MITREへのリンク →

Contagious Interview

Score: 31.49

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1021.006 - Windows Remote Management
T1183 - Image File Execution Options Injection
T1045 - Software Packing
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1690 - Prevent Command History Logging
T1221 - Template Injection
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 58.45

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1566.002 - Spearphishing Link
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1193 - Spearphishing Attachment
T1045 - Software Packing
T1049 - System Network Connections Discovery
T1102.003 - One-Way Communication
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1546.016 - Installer Packages
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

Star Blizzard

Score: 14.55

Matched TTPs:

T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1102.003 - One-Way Communication

MITREへのリンク →

Volt Typhoon

Score: 58.84

Matched TTPs:

T1148 - HISTCONTROL
T1685.001 - Disable or Modify Windows Event Log
T1114 - Email Collection
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1134.002 - Create Process with Token
T1164 - Re-opened Applications
T1045 - Software Packing
T1049 - System Network Connections Discovery
T1057 - Process Discovery
T1552.008 - Chat Messages
T1102.003 - One-Way Communication
T1056.002 - GUI Input Capture
T1546.016 - Installer Packages
T1209 - Time Providers
T1622 - Debugger Evasion
T1574.002 - DLL Side-Loading
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Andariel

Score: 10.95

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Magic Hound

Score: 40.22

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1045 - Software Packing
T1608.005 - Link Target
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1622 - Debugger Evasion
T1098.002 - Additional Email Delegate Permissions
T1547.008 - LSASS Driver
T1053.002 - At

MITREへのリンク →

HAFNIUM

Score: 25.70

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1134.002 - Create Process with Token
T1059 - Command and Scripting Interpreter
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1552.008 - Chat Messages

MITREへのリンク →

APT41

Score: 26.80

Matched TTPs:

T1539 - Steal Web Session Cookie
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1218.010 - Regsvr32
T1002 - Data Compressed
T1209 - Time Providers
T1622 - Debugger Evasion
T1574.002 - DLL Side-Loading
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels

MITREへのリンク →

TA551

Score: 6.66

Matched TTPs:

T1539 - Steal Web Session Cookie
T1134.002 - Create Process with Token

MITREへのリンク →

APT28

Score: 41.76

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1152 - Launchctl
T1547.011 - Plist Modification
T1608.005 - Link Target
T1057 - Process Discovery
T1056.002 - GUI Input Capture
T1548.004 - Elevated Execution with Prompt
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.007 - Netsh Helper DLL

MITREへのリンク →

ZIRCONIUM

Score: 21.48

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1547.002 - Authentication Package
T1608.006 - SEO Poisoning
T1578.001 - Create Snapshot

MITREへのリンク →

Leviathan

Score: 23.51

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1554 - Compromise Host Software Binary
T1056.002 - GUI Input Capture
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Silent Librarian

Score: 12.07

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token

MITREへのリンク →

EXOTIC LILY

Score: 26.51

Matched TTPs:

T1114 - Email Collection
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1612 - Build Image on Host
T1149 - LC_MAIN Hijacking
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1114 - Email Collection
T1608.005 - Link Target

MITREへのリンク →

Axiom

Score: 18.38

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion
T1160 - Launch Daemon

MITREへのリンク →

HEXANE

Score: 16.19

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1547.002 - Authentication Package
T1622 - Debugger Evasion

MITREへのリンク →

Sidewinder

Score: 6.54

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Scattered Spider

Score: 12.50

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1045 - Software Packing
T1027.002 - Software Packing
T1622 - Debugger Evasion

MITREへのリンク →

APT32

Score: 23.46

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1134.002 - Create Process with Token
T1612 - Build Image on Host
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Moonstone Sleet

Score: 18.96

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1057 - Process Discovery
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 19.80

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 20.06

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1193 - Spearphishing Attachment
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Patchwork

Score: 10.65

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion
T1008 - Fallback Channels

MITREへのリンク →

APT5

Score: 6.96

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Ke3chang

Score: 7.71

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Transparent Tribe

Score: 11.10

Matched TTPs:

T1115 - Clipboard Data
T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

LuminousMoth

Score: 5.01

Matched TTPs:

T1115 - Clipboard Data
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN7

Score: 22.33

Matched TTPs:

T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1057 - Process Discovery
T1547.002 - Authentication Package
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

Threat Group-3390

Score: 17.15

Matched TTPs:

T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1218.003 - CMSTP
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

Mustard Tempest

Score: 10.06

Matched TTPs:

T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

Velvet Ant

Score: 8.36

Matched TTPs:

T1583.005 - Botnet
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

Salt Typhoon

Score: 8.35

Matched TTPs:

T1583.005 - Botnet
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT33

Score: 4.53

Matched TTPs:

T1583.005 - Botnet
T1218.010 - Regsvr32

MITREへのリンク →

UNC3886

Score: 12.72

Matched TTPs:

T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

DarkVishnya

Score: 4.80

Matched TTPs:

T1583.005 - Botnet
T1209 - Time Providers

MITREへのリンク →

FIN13

Score: 11.66

Matched TTPs:

T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1622 - Debugger Evasion
T1569.002 - Service Execution

MITREへのリンク →

APT29

Score: 26.20

Matched TTPs:

T1202 - Indirect Command Execution
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1608.006 - SEO Poisoning
T1547.008 - LSASS Driver

MITREへのリンク →

TA2541

Score: 5.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

Earth Lusca

Score: 17.53

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1045 - Software Packing
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

OilRig

Score: 10.92

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32
T1209 - Time Providers
T1622 - Debugger Evasion
T1547.008 - LSASS Driver

MITREへのリンク →

TeamTNT

Score: 11.91

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1612 - Build Image on Host
T1519 - Emond
T1209 - Time Providers

MITREへのリンク →

LazyScripter

Score: 8.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1612 - Build Image on Host
T1608.005 - Link Target

MITREへのリンク →

Gamaredon Group

Score: 19.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1045 - Software Packing
T1612 - Build Image on Host
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1056.002 - GUI Input Capture
T1547.002 - Authentication Package

MITREへのリンク →

SideCopy

Score: 5.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1053.002 - At

MITREへのリンク →

TA505

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

BlackByte

Score: 9.25

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

BITTER

Score: 4.98

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32

MITREへのリンク →

Saint Bear

Score: 8.00

Matched TTPs:

T1091 - Replication Through Removable Media
T1134.002 - Create Process with Token
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

APT42

Score: 8.30

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1612 - Build Image on Host

MITREへのリンク →

Rocke

Score: 9.04

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1612 - Build Image on Host
T1209 - Time Providers
T1008 - Fallback Channels

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

BlackTech

Score: 4.73

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1209 - Time Providers

MITREへのリンク →

Medusa Group

Score: 18.46

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1183 - Image File Execution Options Injection
T1608.005 - Link Target
T1056.002 - GUI Input Capture
T1209 - Time Providers
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Fox Kitten

Score: 9.75

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1612 - Build Image on Host
T1209 - Time Providers
T1622 - Debugger Evasion

MITREへのリンク →

Cinnamon Tempest

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing

MITREへのリンク →

menuPass

Score: 9.15

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification
T1209 - Time Providers
T1622 - Debugger Evasion

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 7.86

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

GALLIUM

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification

MITREへのリンク →

Winter Vivern

Score: 8.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volatile Cedar

Score: 5.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1002 - Data Compressed

MITREへのリンク →

INC Ransom

Score: 7.28

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

MuddyWater

Score: 10.12

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1608.005 - Link Target
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT39

Score: 15.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1547.002 - Authentication Package
T1209 - Time Providers
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

Storm-1811

Score: 4.04

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1547.008 - LSASS Driver

MITREへのリンク →

APT1

Score: 8.74

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1622 - Debugger Evasion
T1053.002 - At

MITREへのリンク →

IndigoZebra

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

Lazarus Group

Score: 38.45

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1547.011 - Plist Modification
T1134.002 - Create Process with Token
T1608.005 - Link Target
T1057 - Process Discovery
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1569.002 - Service Execution

MITREへのリンク →

APT38

Score: 5.68

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1059.012 - Hypervisor CLI
T1027.007 - Dynamic API Resolution

MITREへのリンク →

MoustachedBouncer

Score: 6.88

Matched TTPs:

T1055.003 - Thread Execution Hijacking
T1045 - Software Packing

MITREへのリンク →

Higaisa

Score: 11.55

Matched TTPs:

T1569.003 - Systemctl
T1218.010 - Regsvr32
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Wizard Spider

Score: 6.33

Matched TTPs:

T1183 - Image File Execution Options Injection
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Tonto Team

Score: 4.24

Matched TTPs:

T1547.011 - Plist Modification
T1218.010 - Regsvr32

MITREへのリンク →

APT3

Score: 5.89

Matched TTPs:

T1547.011 - Plist Modification
T1218.010 - Regsvr32
T1622 - Debugger Evasion

MITREへのリンク →

Silence

Score: 6.79

Matched TTPs:

T1547.011 - Plist Modification
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

LAPSUS$

Score: 12.84

Matched TTPs:

T1134.002 - Create Process with Token
T1193 - Spearphishing Attachment
T1045 - Software Packing
T1137.004 - Outlook Home Page

MITREへのリンク →

Turla

Score: 23.01

Matched TTPs:

T1045 - Software Packing
T1612 - Build Image on Host
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Windigo

Score: 4.11

Matched TTPs:

T1045 - Software Packing
T1059.012 - Hypervisor CLI

MITREへのリンク →

POLONIUM

Score: 6.75

Matched TTPs:

T1045 - Software Packing
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

RedCurl

Score: 4.29

Matched TTPs:

T1612 - Build Image on Host
T1209 - Time Providers

MITREへのリンク →

Inception

Score: 6.76

Matched TTPs:

T1612 - Build Image on Host
T1056.002 - GUI Input Capture
T1218.010 - Regsvr32

MITREへのリンク →

FIN6

Score: 10.86

Matched TTPs:

T1612 - Build Image on Host
T1209 - Time Providers
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

FIN8

Score: 4.17

Matched TTPs:

T1612 - Build Image on Host
T1622 - Debugger Evasion

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Lotus Blossom

Score: 7.44

Matched TTPs:

T1056.002 - GUI Input Capture
T1209 - Time Providers
T1569.002 - Service Execution

MITREへのリンク →

APT37

Score: 5.66

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Cobalt Group

Score: 4.91

Matched TTPs:

T1218.010 - Regsvr32
T1209 - Time Providers
T1622 - Debugger Evasion

MITREへのリンク →

BRONZE BUTLER

Score: 9.14

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1008 - Fallback Channels

MITREへのリンク →

Tropic Trooper

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1209 - Time Providers

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 5.85

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

RTM

Score: 5.05

Matched TTPs:

T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Windshift

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Dark Caracal

Score: 4.29

Matched TTPs:

T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Leafminer

Score: 3.53

Matched TTPs:

T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

Daggerfly

Score: 4.60

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1130 - Install Root Certificate
T1569.002 - Service Execution

MITREへのリンク →

Chimera

Score: 8.40

Matched TTPs:

T1209 - Time Providers
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.84

Matched TTPs:

T1569.002 - Service Execution
T1552.008 - Chat Messages
T1148 - HISTCONTROL
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1134.002 - Create Process with Token
T1056.002 - GUI Input Capture
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1045 - Software Packing
T1578.001 - Create Snapshot
T1114 - Email Collection
T1553.002 - Code Signing
T1049 - System Network Connections Discovery
T1574.002 - DLL Side-Loading
T1622 - Debugger Evasion
T1685.001 - Disable or Modify Windows Event Log
T1546.016 - Installer Packages
T1164 - Re-opened Applications

MITREへのリンク →

Sandworm Team

Score: 0.83

Matched TTPs:

T1547.002 - Authentication Package
T1193 - Spearphishing Attachment
T1564.008 - Email Hiding Rules
T1140 - Deobfuscate/Decode Files or Information
T1134.002 - Create Process with Token
T1102.003 - One-Way Communication
T1045 - Software Packing
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link
T1114 - Email Collection
T1049 - System Network Connections Discovery
T1033 - System Owner/User Discovery
T1218.010 - Regsvr32
T1183 - Image File Execution Options Injection
T1187 - Forced Authentication
T1583.005 - Botnet
T1546.016 - Installer Packages
T1075 - Pass the Hash
T1111 - Multi-Factor Authentication Interception
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Kimsuky

Score: 0.75

Matched TTPs:

T1547.002 - Authentication Package
T1140 - Deobfuscate/Decode Files or Information
T1690 - Prevent Command History Logging
T1152 - Launchctl
T1134.002 - Create Process with Token
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1566.002 - Spearphishing Link
T1114 - Email Collection
T1053.002 - At
T1033 - System Owner/User Discovery
T1183 - Image File Execution Options Injection
T1622 - Debugger Evasion
T1037 - Boot or Logon Initialization Scripts
T1583.005 - Botnet
T1098.007 - Additional Local or Domain Groups
T1008 - Fallback Channels

MITREへのリンク →

APT28

Score: 0.62

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1608.005 - Link Target
T1566.002 - Spearphishing Link
T1548.004 - Elevated Execution with Prompt
T1547.002 - Authentication Package
T1152 - Launchctl
T1056.002 - GUI Input Capture
T1546.007 - Netsh Helper DLL
T1057 - Process Discovery
T1059.012 - Hypervisor CLI
T1583.005 - Botnet
T1218.010 - Regsvr32
T1098.007 - Additional Local or Domain Groups
T1685.001 - Disable or Modify Windows Event Log

MITREへのリンク →

Lazarus Group

Score: 0.59

Matched TTPs:

T1622 - Debugger Evasion
T1547.011 - Plist Modification
T1608.005 - Link Target
T1547.002 - Authentication Package
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1569.002 - Service Execution
T1134.002 - Create Process with Token
T1057 - Process Discovery
T1059.012 - Hypervisor CLI
T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1547.008 - LSASS Driver
T1578.001 - Create Snapshot
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

Magic Hound

Score: 0.58

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1622 - Debugger Evasion
T1566.002 - Spearphishing Link
T1547.002 - Authentication Package
T1209 - Time Providers
T1171 - LLMNR/NBT-NS Poisoning and Relay
T1187 - Forced Authentication
T1134.002 - Create Process with Token
T1059.012 - Hypervisor CLI
T1053.002 - At
T1098.002 - Additional Email Delegate Permissions
T1045 - Software Packing
T1547.008 - LSASS Driver
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ