Trusted Design

Nation-State Actors Exploit Notepad++ Supply Chain

概要

Between June and December 2025, state-sponsored threat group Lotus Blossom compromised the hosting infrastructure for Notepad++, allowing them to intercept and redirect update traffic. This enabled selective targeting of users primarily in Southeast Asian government, telecommunications and critical infrastructure sectors. Two infection chains were identified - one using Lua script injection to deliver Cobalt Strike and another using DLL side-loading for a Chrysalis backdoor. The campaign affected additional sectors across South America, US, Europe and Southeast Asia including cloud hosting, energy, financial, government, manufacturing and software development. The attack exploited insufficient verification in older versions of the Notepad++ updater to serve malicious installers to targeted victims.

Created: 2026-03-14

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 47.77
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
MITREへのリンク →

Kimsuky

Score: 48.65
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Sea Turtle

Score: 26.36
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1588.004 - Digital Certificates
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ember Bear

Score: 27.70
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

Indrik Spider

Score: 13.53
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
MITREへのリンク →

Agrius

Score: 8.89
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Contagious Interview

Score: 24.00
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Sandworm Team

Score: 55.57
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 18.96
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Daggerfly

Score: 11.48
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

GALLIUM

Score: 8.07
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

APT29

Score: 36.63
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN13

Score: 17.10
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
MITREへのリンク →

Dragonfly

Score: 35.29
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
MITREへのリンク →

Ke3chang

Score: 15.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

APT41

Score: 40.49
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

APT5

Score: 10.94
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
MITREへのリンク →

menuPass

Score: 12.12
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Threat Group-3390

Score: 23.11
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Wizard Spider

Score: 15.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

Silent Librarian

Score: 11.73
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Lazarus Group

Score: 34.19
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

UNC3886

Score: 26.20
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1675 - ESXi Administration Command
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

LuminousMoth

Score: 17.03
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackTech

Score: 8.32
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Axiom

Score: 17.82
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
MITREへのリンク →

HEXANE

Score: 24.82
Matched TTPs:
  • T1583.002 - DNS Server
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
MITREへのリンク →

Moonstone Sleet

Score: 14.32
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

OilRig

Score: 33.03
Matched TTPs:
  • T1587.001 - Malware
  • T1556.002 - Password Filter DLL
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Play

Score: 8.94
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
MITREへのリンク →

Aoqin Dragon

Score: 5.74
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

RedCurl

Score: 6.81
Matched TTPs:
  • T1587.001 - Malware
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Moses Staff

Score: 6.76
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Turla

Score: 31.98
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1584.003 - Virtual Private Server
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

TeamTNT

Score: 11.24
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

FIN7

Score: 30.12
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
MITREへのリンク →

Scattered Spider

Score: 40.18
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1021.007 - Cloud Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1556.006 - Multi-Factor Authentication
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
MITREへのリンク →

Storm-0501

Score: 15.92
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

FIN6

Score: 16.11
Matched TTPs:
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Sidewinder

Score: 15.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

ZIRCONIUM

Score: 14.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
MITREへのリンク →

APT32

Score: 20.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Magic Hound

Score: 38.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT28

Score: 26.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

CURIUM

Score: 10.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 14.56
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

HAFNIUM

Score: 8.63
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1556.002 - Password Filter DLL
MITREへのリンク →

Volt Typhoon

Score: 25.60
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

LAPSUS$

Score: 28.74
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1552.008 - Chat Messages
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1213.003 - Code Repositories
MITREへのリンク →

IndigoZebra

Score: 5.53
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1588.002 - Tool
MITREへのリンク →

TA577

Score: 4.03
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 20.77
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

TA2541

Score: 12.79
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

Earth Lusca

Score: 25.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

LazyScripter

Score: 10.14
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Gamaredon Group

Score: 25.41
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 10.68
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
MITREへのリンク →

TA505

Score: 12.83
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackByte

Score: 15.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

BITTER

Score: 4.32
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 8.64
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 7.35
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 4.88
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
MITREへのリンク →

Rocke

Score: 12.51
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

BackdoorDiplomacy

Score: 6.51
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
MITREへのリンク →

Medusa Group

Score: 17.67
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Fox Kitten

Score: 10.23
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
MITREへのリンク →

Cinnamon Tempest

Score: 3.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

ToddyCat

Score: 9.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Blue Mockingbird

Score: 6.16
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
MITREへのリンク →

Winter Vivern

Score: 9.52
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

INC Ransom

Score: 9.62
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

MuddyWater

Score: 32.05
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT39

Score: 8.80
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
MITREへのリンク →

Akira

Score: 10.10
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Cobalt Group

Score: 10.76
Matched TTPs:
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Carbanak

Score: 7.01
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

APT38

Score: 20.37
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Velvet Ant

Score: 11.30
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

APT3

Score: 11.23
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 7.18
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Leafminer

Score: 5.97
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT37

Score: 7.71
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Molerats

Score: 3.41
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1204.001 - Malicious Link
MITREへのリンク →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Inception

Score: 10.78
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1546.008 - Accessibility Features
MITREへのリンク →

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
MITREへのリンク →

APT1

Score: 5.04
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
MITREへのリンク →

Aquatic Panda

Score: 5.10
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Andariel

Score: 11.30
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Chimera

Score: 5.31
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

admin@338

Score: 4.53
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Tropic Trooper

Score: 7.27
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
MITREへのリンク →

Dark Caracal

Score: 5.59
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Lotus Blossom

Score: 7.73
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
MITREへのリンク →

Darkhotel

Score: 4.56
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Confucius

Score: 8.51
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Windigo

Score: 5.81
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
MITREへのリンク →

BRONZE BUTLER

Score: 13.24
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

POLONIUM

Score: 6.68
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

Tonto Team

Score: 4.24
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Storm-1811

Score: 10.25
Matched TTPs:
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1667 - Email Bombing
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN8

Score: 5.97
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Transparent Tribe

Score: 4.62
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Elderwood

Score: 4.62
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Windshift

Score: 8.39
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1598.003 - Spearphishing Link
  • T1584.004 - Server
  • T1102.002 - Bidirectional Communication
  • T1190 - Exploit Public-Facing Application
  • T1491.002 - External Defacement
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1587.001 - Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1583 - Acquire Infrastructure
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1499 - Endpoint Denial of Service
  • T1591.002 - Business Relationships
  • T1213.006 - Databases
  • T1049 - System Network Connections Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1083 - File and Directory Discovery
MITREへのリンク →

Kimsuky

Score: 0.61
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1583.006 - Web Services
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1586.002 - Email Accounts
  • T1218.005 - Mshta
  • T1562.004 - Disable or Modify System Firewall
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
  • T1204.001 - Malicious Link
  • T1071.002 - File Transfer Protocols
  • T1557 - Adversary-in-the-Middle
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1534 - Internal Spearphishing
MITREへのリンク →

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1176.002 - IDE Extensions
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1586.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1204.001 - Malicious Link
  • T1608.001 - Upload Malware
  • T1027.007 - Dynamic API Resolution
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.004 - Digital Certificates
  • T1557 - Adversary-in-the-Middle
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る