Pulse Detail-

Untangling the Patchwork Cyberespionage Group

概要

Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they use may not be groundbreaking—what with other groups exploiting zero-days or adjusting their tactics—but the group’s repertoire of infection vectors and payloads makes them a credible threat. We trailed Patchwork’s activities over the course of its campaigns in 2017. The diversity of their methods is notable—from the social engineering hooks, attack chains, and backdoors they deployed. They’ve also joined the Dynamic Data Exchange (DDE) and Windows Script Component (SCT) abuse bandwagons and started exploiting recently reported vulnerabilities. These imply they’re at least keeping an eye on other threats and security flaws that they can repurpose for their own ends. Also of note are its attem

Created: 2026-02-23

Indicators

類似Pulses

A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.64)
BBSRAT Attacks Targeting Russian Organizations (score: 0.63)
Threat Group-3390 Targets Organizations for Cyberespionage (score: 0.63)
New Targeted Attack Group Buys BIFROSE Code, Works in Teams (score: 0.63)
Tick cyberespionage group zeros in on Japan (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 37.72

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1204.003 - Malicious Image
T1027.014 - Polymorphic Code
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure
T1003.003 - NTDS
T1490 - Inhibit System Recovery

MITREへのリンク →

Sea Turtle

Score: 13.13

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1490 - Inhibit System Recovery

MITREへのリンク →

Ember Bear

Score: 30.18

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1059.001 - PowerShell
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 10.23

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Agrius

Score: 8.49

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1597 - Search Closed Sources

MITREへのリンク →

Contagious Interview

Score: 38.10

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1021.006 - Windows Remote Management
T1218.008 - Odbcconf
T1064 - Scripting
T1552.003 - Shell History
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Sandworm Team

Score: 37.33

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1193 - Spearphishing Attachment
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Star Blizzard

Score: 13.02

Matched TTPs:

T1033 - System Owner/User Discovery
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1657 - Financial Theft
T1199 - Trusted Relationship
T1204.003 - Malicious Image

MITREへのリンク →

FIN13

Score: 12.65

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1552.003 - Shell History
T1199 - Trusted Relationship
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Moonstone Sleet

Score: 8.24

Matched TTPs:

T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 22.13

Matched TTPs:

T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 31.22

Matched TTPs:

T1606.002 - SAML Tokens
T1562.009 - Safe Mode Boot
T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1212 - Exploitation for Credential Access
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

UNC3886

Score: 14.83

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1597 - Search Closed Sources
T1488 - Disk Content Wipe
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 5.69

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Salt Typhoon

Score: 7.16

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

APT29

Score: 24.56

Matched TTPs:

T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1199 - Trusted Relationship
T1204.003 - Malicious Image
T1218.010 - Regsvr32
T1546.018 - Python Startup Hooks
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

Play

Score: 12.18

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Aoqin Dragon

Score: 6.62

Matched TTPs:

T1606.002 - SAML Tokens
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 5.72

Matched TTPs:

T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1128 - Netsh Helper DLL

MITREへのリンク →

Moses Staff

Score: 5.19

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Turla

Score: 15.87

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1608.005 - Link Target
T1212 - Exploitation for Credential Access
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Ke3chang

Score: 14.23

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1204.003 - Malicious Image
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustang Panda

Score: 37.85

Matched TTPs:

T1606.002 - SAML Tokens
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1136.001 - Local Account
T1562.006 - Indicator Blocking
T1569.001 - Launchctl
T1608.005 - Link Target
T1169 - Sudo
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

TeamTNT

Score: 21.32

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1071.003 - Mail Protocols
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 22.75

Matched TTPs:

T1606.002 - SAML Tokens
T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1011.001 - Exfiltration Over Bluetooth
T1608.005 - Link Target
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Cobalt Group

Score: 12.23

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries

MITREへのリンク →

MuddyWater

Score: 21.13

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sidewinder

Score: 12.26

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1218.010 - Regsvr32
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT28

Score: 35.27

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1204.003 - Malicious Image
T1548.004 - Elevated Execution with Prompt
T1592.003 - Firmware
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT37

Score: 5.89

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gallmaker

Score: 3.62

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link

MITREへのリンク →

Leviathan

Score: 19.98

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1027.014 - Polymorphic Code
T1488 - Disk Content Wipe
T1592.003 - Firmware
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BITTER

Score: 8.71

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA505

Score: 9.02

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Patchwork

Score: 9.57

Matched TTPs:

T1206 - Sudo Caching
T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

Evilnum

Score: 4.22

Matched TTPs:

T1562.009 - Safe Mode Boot
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Volt Typhoon

Score: 29.39

Matched TTPs:

T1562.009 - Safe Mode Boot
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1212 - Exploitation for Credential Access
T1199 - Trusted Relationship
T1488 - Disk Content Wipe
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1574.002 - DLL Side-Loading
T1665 - Hide Infrastructure

MITREへのリンク →

Darkhotel

Score: 10.43

Matched TTPs:

T1562.009 - Safe Mode Boot
T1598.003 - Spearphishing Link
T1064 - Scripting
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gamaredon Group

Score: 19.88

Matched TTPs:

T1562.009 - Safe Mode Boot
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1061 - Graphical User Interface
T1059.013 - Container CLI/API
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Saint Bear

Score: 12.00

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1064 - Scripting
T1608.005 - Link Target
T1597 - Search Closed Sources
T1218.010 - Regsvr32

MITREへのリンク →

Tropic Trooper

Score: 14.14

Matched TTPs:

T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN6

Score: 11.54

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

admin@338

Score: 8.04

Matched TTPs:

T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1212 - Exploitation for Credential Access
T1218.010 - Regsvr32

MITREへのリンク →

Windshift

Score: 9.11

Matched TTPs:

T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 13.25

Matched TTPs:

T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

WIRTE

Score: 5.25

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

menuPass

Score: 8.90

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Threat Group-3390

Score: 14.32

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 21.07

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1608.005 - Link Target
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

Inception

Score: 8.71

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

EXOTIC LILY

Score: 6.86

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Ajax Security Team

Score: 4.17

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 20.93

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1193 - Spearphishing Attachment
T1657 - Financial Theft
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1204.003 - Malicious Image
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Elderwood

Score: 3.14

Matched TTPs:

T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT33

Score: 10.87

Matched TTPs:

T1598.003 - Spearphishing Link
T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

TA551

Score: 6.58

Matched TTPs:

T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 22.91

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1002 - Data Compressed
T1564.003 - Hidden Window
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1574.002 - DLL Side-Loading

MITREへのリンク →

Winter Vivern

Score: 7.90

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Higaisa

Score: 5.20

Matched TTPs:

T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Confucius

Score: 7.99

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.005 - Link Target
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

BlackTech

Score: 4.69

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Gorgon Group

Score: 4.30

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT19

Score: 4.47

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code

MITREへのリンク →

Malteiro

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1552.003 - Shell History

MITREへのリンク →

SideCopy

Score: 9.99

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1657 - Financial Theft
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN8

Score: 7.99

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Nomadic Octopus

Score: 3.84

Matched TTPs:

T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LazyScripter

Score: 7.82

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN4

Score: 3.54

Matched TTPs:

T1598.003 - Spearphishing Link
T1204.003 - Malicious Image

MITREへのリンク →

Wizard Spider

Score: 16.67

Matched TTPs:

T1598.003 - Spearphishing Link
T1567.001 - Exfiltration to Code Repository
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Andariel

Score: 3.14

Matched TTPs:

T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA2541

Score: 11.03

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Tonto Team

Score: 9.04

Matched TTPs:

T1598.003 - Spearphishing Link
T1059.001 - PowerShell
T1212 - Exploitation for Credential Access
T1218.010 - Regsvr32
T1547.013 - XDG Autostart Entries

MITREへのリンク →

CURIUM

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.008 - LSASS Driver

MITREへのリンク →

IndigoZebra

Score: 4.51

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT1

Score: 9.66

Matched TTPs:

T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1199 - Trusted Relationship
T1204.003 - Malicious Image
T1668 - Exclusive Control

MITREへのリンク →

APT38

Score: 4.30

Matched TTPs:

T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries

MITREへのリンク →

PLATINUM

Score: 3.84

Matched TTPs:

T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 3.97

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

HAFNIUM

Score: 20.90

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1218.008 - Odbcconf
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1204.003 - Malicious Image
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Aquatic Panda

Score: 11.28

Matched TTPs:

T1003.007 - Proc Filesystem
T1562.004 - Disable or Modify System Firewall
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Chimera

Score: 18.99

Matched TTPs:

T1003.007 - Proc Filesystem
T1212 - Exploitation for Credential Access
T1199 - Trusted Relationship
T1204.003 - Malicious Image
T1592.003 - Firmware
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries
T1665 - Hide Infrastructure

MITREへのリンク →

Earth Lusca

Score: 14.17

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1059.001 - PowerShell
T1199 - Trusted Relationship

MITREへのリンク →

BlackByte

Score: 6.02

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries

MITREへのリンク →

HEXANE

Score: 9.50

Matched TTPs:

T1091 - Replication Through Removable Media
T1212 - Exploitation for Credential Access
T1199 - Trusted Relationship
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT42

Score: 5.57

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Rocke

Score: 7.67

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1059.013 - Container CLI/API
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BackdoorDiplomacy

Score: 3.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Magic Hound

Score: 18.13

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1204.003 - Malicious Image
T1592.003 - Firmware
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 20.84

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1552.003 - Shell History
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1598 - Phishing for Information
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-0501

Score: 6.74

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1027.014 - Polymorphic Code

MITREへのリンク →

Fox Kitten

Score: 8.84

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries
T1588.005 - Exploits

MITREへのリンク →

Cinnamon Tempest

Score: 5.62

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

ToddyCat

Score: 6.83

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1665 - Hide Infrastructure
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 5.07

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code

MITREへのリンク →

GALLIUM

Score: 5.84

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1668 - Exclusive Control
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Volatile Cedar

Score: 8.97

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1002 - Data Compressed
T1547.013 - XDG Autostart Entries

MITREへのリンク →

INC Ransom

Score: 7.42

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Axiom

Score: 6.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1049 - System Network Connections Discovery
T1218.010 - Regsvr32

MITREへのリンク →

ZIRCONIUM

Score: 4.98

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-1811

Score: 6.34

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

LAPSUS$

Score: 19.67

Matched TTPs:

T1193 - Spearphishing Attachment
T1218.008 - Odbcconf
T1199 - Trusted Relationship
T1592.003 - Firmware
T1564.003 - Hidden Window
T1588.005 - Exploits

MITREへのリンク →

Akira

Score: 4.32

Matched TTPs:

T1552.003 - Shell History
T1597 - Search Closed Sources

MITREへのリンク →

Scattered Spider

Score: 13.64

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1564.003 - Hidden Window
T1547.013 - XDG Autostart Entries
T1588.005 - Exploits

MITREへのリンク →

DarkVishnya

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1213.003 - Code Repositories

MITREへのリンク →

Leafminer

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1204.003 - Malicious Image

MITREへのリンク →

Thrip

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1556 - Modify Authentication Process

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Velvet Ant

Score: 11.34

Matched TTPs:

T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.84

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1033 - System Owner/User Discovery
T1049 - System Network Connections Discovery
T1005 - Data from Local System
T1606.002 - SAML Tokens
T1075 - Pass the Hash
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1547.013 - XDG Autostart Entries
T1564.008 - Email Hiding Rules
T1193 - Spearphishing Attachment
T1218.010 - Regsvr32

MITREへのリンク →

Kimsuky

Score: 0.83

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1199 - Trusted Relationship
T1665 - Hide Infrastructure
T1598.003 - Spearphishing Link
T1033 - System Owner/User Discovery
T1490 - Inhibit System Recovery
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1003.007 - Proc Filesystem
T1597 - Search Closed Sources
T1027.014 - Polymorphic Code
T1003.003 - NTDS
T1668 - Exclusive Control
T1608.005 - Link Target
T1204.003 - Malicious Image
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustang Panda

Score: 0.83

Matched TTPs:

T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1055.005 - Thread Local Storage
T1569.001 - Launchctl
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1169 - Sudo
T1159 - Launch Agent
T1608.005 - Link Target
T1136.001 - Local Account
T1556 - Modify Authentication Process
T1562.006 - Indicator Blocking
T1218.010 - Regsvr32

MITREへのリンク →

Contagious Interview

Score: 0.82

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship
T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1044 - File System Permissions Weakness
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1597 - Search Closed Sources
T1218.008 - Odbcconf
T1064 - Scripting
T1547.008 - LSASS Driver
T1608.005 - Link Target
T1556 - Modify Authentication Process

MITREへのリンク →

APT28

Score: 0.80

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1548.004 - Elevated Execution with Prompt
T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1206 - Sudo Caching
T1592.003 - Firmware
T1566.003 - Spearphishing via Service
T1558 - Steal or Forge Kerberos Tickets
T1562.004 - Disable or Modify System Firewall
T1668 - Exclusive Control
T1059.001 - PowerShell
T1608.005 - Link Target
T1204.003 - Malicious Image
T1547.013 - XDG Autostart Entries
T1218.010 - Regsvr32

MITREへのリンク →

OilRig

Score: 0.72

Matched TTPs:

T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1128 - Netsh Helper DLL
T1562.009 - Safe Mode Boot
T1005 - Data from Local System
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1212 - Exploitation for Credential Access
T1556 - Modify Authentication Process
T1218.010 - Regsvr32

MITREへのリンク →

Volt Typhoon

Score: 0.69

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1574.002 - DLL Side-Loading
T1199 - Trusted Relationship
T1665 - Hide Infrastructure
T1049 - System Network Connections Discovery
T1562.009 - Safe Mode Boot
T1488 - Disk Content Wipe
T1003.007 - Proc Filesystem
T1159 - Launch Agent
T1212 - Exploitation for Credential Access
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ember Bear

Score: 0.68

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1033 - System Owner/User Discovery
T1059.001 - PowerShell
T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1597 - Search Closed Sources
T1562.004 - Disable or Modify System Firewall
T1668 - Exclusive Control
T1564.008 - Email Hiding Rules
T1003.003 - NTDS
T1218.010 - Regsvr32

MITREへのリンク →

APT29

Score: 0.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1490 - Inhibit System Recovery
T1546.018 - Python Startup Hooks
T1606.002 - SAML Tokens
T1562.004 - Disable or Modify System Firewall
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1608.005 - Link Target
T1204.003 - Malicious Image
T1218.010 - Regsvr32

MITREへのリンク →

FIN7

Score: 0.58

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1490 - Inhibit System Recovery
T1011.001 - Exfiltration Over Bluetooth
T1206 - Sudo Caching
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1059.001 - PowerShell
T1608.005 - Link Target

MITREへのリンク →

APT41

Score: 0.58

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1574.002 - DLL Side-Loading
T1199 - Trusted Relationship
T1598.003 - Spearphishing Link
T1002 - Data Compressed
T1562.004 - Disable or Modify System Firewall
T1668 - Exclusive Control
T1564.003 - Hidden Window
T1547.013 - XDG Autostart Entries
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 0.57

Matched TTPs:

T1199 - Trusted Relationship
T1665 - Hide Infrastructure
T1598.003 - Spearphishing Link
T1055.005 - Thread Local Storage
T1606.002 - SAML Tokens
T1597 - Search Closed Sources
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1608.005 - Link Target
T1556 - Modify Authentication Process
T1218.010 - Regsvr32

MITREへのリンク →

TeamTNT

Score: 0.56

Matched TTPs:

T1665 - Hide Infrastructure
T1606.002 - SAML Tokens
T1071.003 - Mail Protocols
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1003.007 - Proc Filesystem
T1597 - Search Closed Sources
T1562.004 - Disable or Modify System Firewall
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Untangling the Patchwork Cyberespionage Group

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ