Trusted Design

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit

概要

Rapid7 Labs has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom, involving a new custom backdoor named Chrysalis. The attack compromised Notepad++ infrastructure to deliver the backdoor. Analysis revealed multiple custom loaders, including one using Microsoft Warbird for obfuscation. The Chrysalis backdoor has extensive capabilities for information gathering, file operations, and remote command execution. Additional artifacts found include Cobalt Strike beacons and Metasploit payloads. The campaign shows Lotus Blossom evolving its tactics, mixing custom and off-the-shelf tools with advanced obfuscation techniques to evade detection.

Created: 2026-03-05

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 19.40
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
MITREへのリンク →

Kimsuky

Score: 42.57
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1557.003 - DHCP Spoofing
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1003.003 - NTDS
MITREへのリンク →

Sea Turtle

Score: 28.80
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.001 - DNS/Passive DNS
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
MITREへのリンク →

Inception

Score: 3.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.012 - Verclsid
MITREへのリンク →

Darkhotel

Score: 7.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
MITREへのリンク →

APT28

Score: 10.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

APT18

Score: 3.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
MITREへのリンク →

Leviathan

Score: 11.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
MITREへのリンク →

Sidewinder

Score: 10.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

APT39

Score: 8.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
MITREへのリンク →

Lazarus Group

Score: 26.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
MITREへのリンク →

Saint Bear

Score: 11.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1064 - Scripting
  • T1597 - Search Closed Sources
MITREへのリンク →

APT33

Score: 7.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

BITTER

Score: 7.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

TA505

Score: 11.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Higaisa

Score: 7.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
MITREへのリンク →

APT19

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Fox Kitten

Score: 14.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
MITREへのリンク →

Threat Group-3390

Score: 12.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

TA2541

Score: 7.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
MITREへのリンク →

Malteiro

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Magic Hound

Score: 25.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 5.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Blue Mockingbird

Score: 5.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
MITREへのリンク →

Tropic Trooper

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Contagious Interview

Score: 18.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1064 - Scripting
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
MITREへのリンク →

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

menuPass

Score: 8.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
MITREへのリンク →

Moses Staff

Score: 7.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

TeamTNT

Score: 20.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1519 - Emond
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 18.14
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

APT32

Score: 19.98
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Moonstone Sleet

Score: 14.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

GALLIUM

Score: 10.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT29

Score: 24.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1223 - Compiled HTML File
MITREへのリンク →

FIN13

Score: 15.27
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1588.001 - Malware
  • T1051 - Shared Webroot
MITREへのリンク →

Dragonfly

Score: 13.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

Ke3chang

Score: 17.49
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
MITREへのリンク →

Agrius

Score: 9.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 27.66
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

APT5

Score: 7.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Wizard Spider

Score: 18.04
Matched TTPs:
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
MITREへのリンク →

Ember Bear

Score: 16.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1003.003 - NTDS
MITREへのリンク →

Silent Librarian

Score: 13.40
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

UNC3886

Score: 16.47
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

LuminousMoth

Score: 13.04
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
MITREへのリンク →

BlackTech

Score: 4.62
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Axiom

Score: 13.65
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
MITREへのリンク →

HEXANE

Score: 18.74
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
MITREへのリンク →

RedCurl

Score: 7.90
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1051 - Shared Webroot
MITREへのリンク →

APT1

Score: 5.81
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
MITREへのリンク →

Chimera

Score: 13.74
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Winter Vivern

Score: 14.01
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Indrik Spider

Score: 12.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Sandworm Team

Score: 35.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
MITREへのリンク →

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
MITREへのリンク →

Play

Score: 6.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
MITREへのリンク →

Turla

Score: 23.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

FIN7

Score: 21.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Scattered Spider

Score: 39.75
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
MITREへのリンク →

Storm-0501

Score: 14.17
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
MITREへのリンク →

FIN6

Score: 11.03
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

ZIRCONIUM

Score: 10.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Star Blizzard

Score: 12.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

CURIUM

Score: 11.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1557.003 - DHCP Spoofing
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
MITREへのリンク →

HAFNIUM

Score: 13.56
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

BRONZE BUTLER

Score: 5.89
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
MITREへのリンク →

Aquatic Panda

Score: 6.42
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
MITREへのリンク →

Earth Lusca

Score: 19.12
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Volt Typhoon

Score: 36.23
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

Gorgon Group

Score: 3.36
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
MITREへのリンク →

APT38

Score: 14.92
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

MuddyWater

Score: 15.29
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
MITREへのリンク →

Gamaredon Group

Score: 19.24
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
MITREへのリンク →

BlackByte

Score: 16.98
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Cinnamon Tempest

Score: 6.80
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
MITREへのリンク →

Rocke

Score: 10.80
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
MITREへのリンク →

Mustard Tempest

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
MITREへのリンク →

LazyScripter

Score: 4.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

EXOTIC LILY

Score: 4.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
MITREへのリンク →

APT42

Score: 6.11
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
MITREへのリンク →

BackdoorDiplomacy

Score: 3.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
MITREへのリンク →

Medusa Group

Score: 9.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
MITREへのリンク →

INC Ransom

Score: 10.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 10.10
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

LAPSUS$

Score: 19.70
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1596.004 - CDNs
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1564.003 - Hidden Window
MITREへのリンク →

Carbanak

Score: 5.86
Matched TTPs:
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1157 - Dylib Hijacking
MITREへのリンク →

Velvet Ant

Score: 4.14
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
MITREへのリンク →

TA551

Score: 4.86
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
MITREへのリンク →

Leafminer

Score: 7.06
Matched TTPs:
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
MITREへのリンク →

APT3

Score: 7.78
Matched TTPs:
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
MITREへのリンク →

Confucius

Score: 4.31
Matched TTPs:
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
MITREへのリンク →

FIN8

Score: 5.86
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

PLATINUM

Score: 6.63
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1686 - Disable or Modify System Firewall
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1557.003 - DHCP Spoofing
  • T1055.014 - VDSO Hijacking
  • T1606.002 - SAML Tokens
  • T1003.003 - NTDS
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Scattered Spider

Score: 0.65
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1564.003 - Hidden Window
  • T1051 - Shared Webroot
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1087.004 - Cloud Account
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1566.002 - Spearphishing Link
  • T1090.004 - Domain Fronting
  • T1027 - Obfuscated Files or Information
  • T1547.005 - Security Support Provider
MITREへのリンク →

Volt Typhoon

Score: 0.60
Matched TTPs:
  • T1176 - Software Extensions
  • T1045 - Software Packing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.007 - Proc Filesystem
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1574.002 - DLL Side-Loading
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1070.006 - Timestomp
  • T1134.002 - Create Process with Token
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.005 - Security Support Provider
MITREへのリンク →

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1557.003 - DHCP Spoofing
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1091 - Replication Through Removable Media
  • T1157 - Dylib Hijacking
  • T1045 - Software Packing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1075 - Pass the Hash
  • T1087.004 - Cloud Account
  • T1027 - Obfuscated Files or Information
  • T1049 - System Network Connections Discovery
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る