Trusted Design

OilRig Deploys ALMA Communicator – DNS Tunneling Trojan

Overview

Unit 42 has been closely tracking the OilRig threat group since May 2016. One technique we have been tracking with this group is its use of the Clayslide delivery document as an attachment to spear-phishing emails in attacks since May 2016. In our April 2017 posting, OilRig Actors Provide a Glimpse into Development and Testing Efforts, we showed how we observed the OilRig threat group developing and refining these Clayslide delivery documents. Recently, we observed a new version of the Clayslide delivery document used to install a new custom Trojan that its developer calls “ALMA Communicator”. The delivery document also saved the post-exploitation credential harvesting tool known as Mimikatz, which we believe the threat actors will use to gather account credentials from the compromised system. While we do not have detailed telemetry, we have reason to believe this attack targeted an individual at a public utilities company in the Middle East.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 91.25
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1596 - Search Open Technical Databases
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1593.002 - Search Engines
  • T1589.003 - Employee Names
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1587 - Develop Capabilities
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

Sea Turtle

Score: 17.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
  • T1078.003 - Local Accounts
Link to MITRE →

Ember Bear

Score: 26.61
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits
Link to MITRE →

Indrik Spider

Score: 14.09
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1585.002 - Email Accounts
  • T1590 - Gather Victim Network Information
  • T1584.004 - Server
Link to MITRE →

Agrius

Score: 8.93
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Contagious Interview

Score: 54.14
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1593.003 - Code Repositories
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sandworm Team

Score: 70.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1589.003 - Employee Names
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1590.001 - Domain Properties
Link to MITRE →

Star Blizzard

Score: 27.31
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1114.002 - Remote Email Collection
Link to MITRE →

Volt Typhoon

Score: 53.61
Matched TTPs:
  • T1592 - Gather Victim Host Information
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1590.006 - Network Security Appliances
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1590 - Gather Victim Network Information
  • T1593 - Search Open Websites/Domains
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1596.005 - Scan Databases
Link to MITRE →

LAPSUS$

Score: 50.30
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1204 - User Execution
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1003.006 - DCSync
  • T1213.005 - Messaging Applications
Link to MITRE →

APT39

Score: 8.78
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Mustang Panda

Score: 37.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1203 - Exploitation for Client Execution
  • T1003.006 - DCSync
Link to MITRE →

Tonto Team

Score: 7.71
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1566.001 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT32

Score: 34.45
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

BlackByte

Score: 8.27
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT28

Score: 62.62
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1596 - Search Open Technical Databases
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1114.002 - Remote Email Collection
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1221 - Template Injection
  • T1137.002 - Office Test
Link to MITRE →

Storm-0501

Score: 12.95
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1003.006 - DCSync
Link to MITRE →

Axiom

Score: 18.77
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 39.10
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Scattered Spider

Score: 35.99
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.005 - Messaging Applications
Link to MITRE →

FIN4

Score: 9.12
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1114.002 - Remote Email Collection
Link to MITRE →

Andariel

Score: 11.82
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.001 - Spearphishing Attachment
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Magic Hound

Score: 52.78
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1114.002 - Remote Email Collection
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
Link to MITRE →

HAFNIUM

Score: 34.88
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1590 - Gather Victim Network Information
  • T1114.002 - Remote Email Collection
  • T1078.003 - Local Accounts
Link to MITRE →

APT41

Score: 27.38
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA551

Score: 12.46
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1218.010 - Regsvr32
Link to MITRE →

ZIRCONIUM

Score: 19.08
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
Link to MITRE →

Silent Librarian

Score: 15.92
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1589.003 - Employee Names
Link to MITRE →

EXOTIC LILY

Score: 26.31
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1597 - Search Closed Sources
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

FIN13

Score: 18.89
Matched TTPs:
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1087 - Account Discovery
  • T1657 - Financial Theft
Link to MITRE →

Moonstone Sleet

Score: 26.82
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591 - Gather Victim Org Information
  • T1598 - Phishing for Information
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Lazarus Group

Score: 30.68
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
Link to MITRE →

OilRig

Score: 23.14
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1555.004 - Windows Credential Manager
  • T1566.003 - Spearphishing via Service
Link to MITRE →

UNC3886

Score: 14.46
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

LuminousMoth

Score: 8.55
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
Link to MITRE →

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

APT29

Score: 27.04
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1114.002 - Remote Email Collection
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

Play

Score: 8.75
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 8.01
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 7.16
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1573.002 - Asymmetric Cryptography
Link to MITRE →

Moses Staff

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Turla

Score: 24.70
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1078.003 - Local Accounts
Link to MITRE →

Ke3chang

Score: 10.08
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1114.002 - Remote Email Collection
Link to MITRE →

TeamTNT

Score: 14.90
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1610 - Deploy Container
Link to MITRE →

FIN7

Score: 29.14
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1078.003 - Local Accounts
Link to MITRE →

BlackTech

Score: 5.28
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
Link to MITRE →

MuddyWater

Score: 12.44
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 8.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
Link to MITRE →

Sidewinder

Score: 9.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Elderwood

Score: 5.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Machete

Score: 4.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
Link to MITRE →

Mustard Tempest

Score: 8.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 10.13
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN8

Score: 5.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1573.002 - Asymmetric Cryptography
Link to MITRE →

APT3

Score: 6.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
Link to MITRE →

APT1

Score: 8.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1114.002 - Remote Email Collection
Link to MITRE →

APT33

Score: 10.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1552.006 - Group Policy Preferences
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Windshift

Score: 8.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Cobalt Group

Score: 9.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
Link to MITRE →

TA2541

Score: 10.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1573.002 - Asymmetric Cryptography
Link to MITRE →

Earth Lusca

Score: 25.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1003.006 - DCSync
Link to MITRE →

Storm-1811

Score: 25.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1036.010 - Masquerade Account Name
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Wizard Spider

Score: 17.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1585.002 - Email Accounts
  • T1552.006 - Group Policy Preferences
  • T1210 - Exploitation of Remote Services
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
Link to MITRE →

TA577

Score: 4.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
Link to MITRE →

Patchwork

Score: 11.32
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA505

Score: 5.81
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
Link to MITRE →

LazyScripter

Score: 10.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1583.006 - Web Services
Link to MITRE →

APT42

Score: 13.00
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1573.002 - Asymmetric Cryptography
  • T1656 - Impersonation
Link to MITRE →

CURIUM

Score: 18.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dragonfly

Score: 37.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1114.002 - Remote Email Collection
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1584.004 - Server
Link to MITRE →

Saint Bear

Score: 11.91
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

Tropic Trooper

Score: 10.93
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1221 - Template Injection
  • T1078.003 - Local Accounts
Link to MITRE →

FIN6

Score: 6.14
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
Link to MITRE →

BRONZE BUTLER

Score: 9.60
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

WIRTE

Score: 3.62
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.010 - Regsvr32
Link to MITRE →

menuPass

Score: 8.79
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1210 - Exploitation of Remote Services
Link to MITRE →

Threat Group-3390

Score: 19.01
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Gamaredon Group

Score: 15.55
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1221 - Template Injection
Link to MITRE →

Darkhotel

Score: 4.13
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

BITTER

Score: 5.86
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Inception

Score: 8.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
Link to MITRE →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1566.003 - Spearphishing via Service
Link to MITRE →

RTM

Score: 5.92
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Winter Vivern

Score: 18.57
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

APT12

Score: 4.77
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT19

Score: 5.39
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
Link to MITRE →

Malteiro

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1657 - Financial Theft
Link to MITRE →

SideCopy

Score: 6.47
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
Link to MITRE →

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
Link to MITRE →

APT37

Score: 10.15
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot
Link to MITRE →

IndigoZebra

Score: 7.07
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1583.006 - Web Services
Link to MITRE →

APT38

Score: 12.32
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1189 - Drive-by Compromise
  • T1036.006 - Space after Filename
  • T1529 - System Shutdown/Reboot
Link to MITRE →

DarkHydrus

Score: 4.03
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1221 - Template Injection
Link to MITRE →

PLATINUM

Score: 9.36
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking
Link to MITRE →

APT5

Score: 5.31
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Velvet Ant

Score: 10.68
Matched TTPs:
  • T1040 - Network Sniffing
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

DarkVishnya

Score: 3.03
Matched TTPs:
  • T1040 - Network Sniffing
Link to MITRE →

HEXANE

Score: 23.54
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
Link to MITRE →

Rocke

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
Link to MITRE →

Medusa Group

Score: 21.03
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1585.002 - Email Accounts
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Fox Kitten

Score: 8.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1213.005 - Messaging Applications
Link to MITRE →

Cinnamon Tempest

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
Link to MITRE →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
Link to MITRE →

GALLIUM

Score: 3.71
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 9.51
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1570 - Lateral Tool Transfer

RedEcho

Score: 4.26
Matched TTPs:
  • T1583.001 - Domains
  • T1573.002 - Asymmetric Cryptography

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection

Aquatic Panda

Score: 6.44
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1087 - Account Discovery

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

POLONIUM

Score: 4.41
Matched TTPs:
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication

Chimera

Score: 8.34
Matched TTPs:
  • T1114.002 - Remote Email Collection
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer

Leafminer

Score: 4.43
Matched TTPs:
  • T1114.002 - Remote Email Collection
  • T1189 - Drive-by Compromise

FIN10

Score: 4.90
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1078.003 - Local Accounts

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1555.004 - Windows Credential Manager

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Daggerfly

Score: 4.60
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.81
Matched TTPs:
  • T1583.006 - Web Services
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1218.010 - Regsvr32
  • T1114.002 - Remote Email Collection
  • T1587 - Develop Capabilities
  • T1583 - Acquire Infrastructure
  • T1593.001 - Social Media
  • T1589.002 - Email Addresses
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1591 - Gather Victim Org Information
  • T1583.001 - Domains
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
  • T1102.002 - Bidirectional Communication
  • T1534 - Internal Spearphishing
  • T1585.002 - Email Accounts
  • T1594 - Search Victim-Owned Websites
  • T1589.003 - Employee Names
  • T1586.002 - Email Accounts
  • T1593 - Search Open Websites/Domains
  • T1598 - Phishing for Information
  • T1190 - Exploit Public-Facing Application
  • T1596 - Search Open Technical Databases
  • T1656 - Impersonation
  • T1608.001 - Upload Malware
  • T1566 - Phishing
  • T1593.002 - Search Engines
  • T1588.005 - Exploits

Sandworm Team

Score: 0.69
Matched TTPs:
  • T1586.001 - Social Media Accounts
  • T1591.002 - Business Relationships
  • T1566.002 - Spearphishing Link
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1584.004 - Server
  • T1583 - Acquire Infrastructure
  • T1589.002 - Email Addresses
  • T1587.001 - Malware
  • T1595.002 - Vulnerability Scanning
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1584.005 - Botnet
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1585.002 - Email Accounts
  • T1594 - Search Victim-Owned Websites
  • T1592.002 - Software
  • T1589.003 - Employee Names
  • T1593 - Search Open Websites/Domains
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware
  • T1590.001 - Domain Properties
  • T1570 - Lateral Tool Transfer

APT28

Score: 0.62
Matched TTPs:
  • T1583.006 - Web Services
  • T1221 - Template Injection
  • T1189 - Drive-by Compromise
  • T1137.002 - Office Test
  • T1589.001 - Credentials
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1003 - OS Credential Dumping
  • T1114.002 - Remote Email Collection
  • T1595.002 - Vulnerability Scanning
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1591 - Gather Victim Org Information
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1210 - Exploitation of Remote Services
  • T1586.002 - Email Accounts
  • T1598 - Phishing for Information
  • T1190 - Exploit Public-Facing Application
  • T1596 - Search Open Technical Databases
  • T1584.008 - Network Devices
  • T1498 - Network Denial of Service

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph