Trusted Design

The Latest PlugX Variant Executed by STATICPLUGIN

Overview

In January 2026, a new variant of the PlugX malware was observed being used in targeted attacks. Analysis suggests involvement of the UNC6384 APT group, linked to Mustang Panda, targeting government agencies in Southeast Asia. The lure is disguised as a browser updater; it downloads and executes a malicious MSI file, which leads to the PlugX infection. The STATICPLUGIN downloader is signed with a revoked code-signing certificate issued to a Chinese company. The PlugX variant employs DLL sideloading and shellcode execution techniques, and its configuration is encrypted with RC4 combined with a custom encoding. The C2 servers were identified as fruitbrat[.]com and 108.165.255[.]97:443. The ongoing improvements to PlugX indicate its continued use in targeted attacks by APT groups.

Created: 2026-03-27

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 46.87
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Kimsuky

Score: 69.79
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1027.016 - Junk Code Insertion
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1111 - Multi-Factor Authentication Interception
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 20.17
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Inception

Score: 14.29
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 6.84
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 4.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Darkhotel

Score: 7.37
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 4.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT28

Score: 19.95
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 6.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.003 - Windows Command Shell
  • T1053.002 - At
Link to MITRE →

Leviathan

Score: 18.31
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Sidewinder

Score: 14.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

APT39

Score: 12.92
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

Lazarus Group

Score: 46.19
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1560.002 - Archive via Library
  • T1218 - System Binary Proxy Execution
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1218.005 - Mshta
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
Link to MITRE →

Saint Bear

Score: 9.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
Link to MITRE →

APT33

Score: 6.46
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BITTER

Score: 9.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA505

Score: 19.41
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Higaisa

Score: 10.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1090.001 - Internal Proxy
Link to MITRE →

APT19

Score: 12.12
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Fox Kitten

Score: 18.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Threat Group-3390

Score: 30.20
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1560.002 - Archive via Library
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1053.002 - At
Link to MITRE →

TA2541

Score: 9.21
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1588.002 - Tool
Link to MITRE →

Malteiro

Score: 3.16
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Magic Hound

Score: 34.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Storm-1811

Score: 14.60
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 13.80
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
Link to MITRE →

Tropic Trooper

Score: 15.48
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
Link to MITRE →

Contagious Interview

Score: 35.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1204.005 - Malicious Library
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Whitefly

Score: 4.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1588.002 - Tool
Link to MITRE →

menuPass

Score: 14.20
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
Link to MITRE →

Moses Staff

Score: 10.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool
Link to MITRE →

TeamTNT

Score: 19.70
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.003 - Windows Command Shell
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Metador

Score: 5.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
Link to MITRE →

OilRig

Score: 31.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1555.004 - Windows Credential Manager
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT32

Score: 37.56
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1027.016 - Junk Code Insertion
  • T1550.003 - Pass the Ticket
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Moonstone Sleet

Score: 25.34
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1591 - Gather Victim Org Information
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Axiom

Score: 11.86
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

HEXANE

Score: 20.11
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

RedCurl

Score: 17.80
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information
  • T1059.003 - Windows Command Shell
Link to MITRE →

APT1

Score: 9.83
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1585.002 - Email Accounts
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
Link to MITRE →

Chimera

Score: 21.38
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1110.004 - Credential Stuffing
  • T1059.003 - Windows Command Shell
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1111 - Multi-Factor Authentication Interception
Link to MITRE →

Winter Vivern

Score: 12.66
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1584.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN13

Score: 22.95
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1090.001 - Internal Proxy
Link to MITRE →

Indrik Spider

Score: 10.20
Matched TTPs:
  • T1587.001 - Malware
  • T1585.002 - Email Accounts
  • T1552.001 - Credentials In Files
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
Link to MITRE →

UNC3886

Score: 19.08
Matched TTPs:
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

LuminousMoth

Score: 12.96
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1588.002 - Tool
Link to MITRE →

Sandworm Team

Score: 36.10
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
Link to MITRE →

APT29

Score: 39.24
Matched TTPs:
  • T1587.001 - Malware
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Play

Score: 7.23
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Turla

Score: 26.59
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1090.001 - Internal Proxy
Link to MITRE →

Ke3chang

Score: 13.07
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1059.003 - Windows Command Shell
Link to MITRE →

FIN7

Score: 31.29
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1027.016 - Junk Code Insertion
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Medusa Group

Score: 22.54
Matched TTPs:
  • T1652 - Device Driver Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Scattered Spider

Score: 31.04
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
Link to MITRE →

Storm-0501

Score: 15.23
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1098.001 - Additional Cloud Credentials
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
Link to MITRE →

Silent Librarian

Score: 9.44
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1588.002 - Tool
Link to MITRE →

ZIRCONIUM

Score: 12.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1665 - Hide Infrastructure
Link to MITRE →

Star Blizzard

Score: 10.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
Link to MITRE →

CURIUM

Score: 14.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dragonfly

Score: 19.65
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

Patchwork

Score: 14.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Earth Lusca

Score: 26.95
Matched TTPs:
  • T1547.012 - Print Processors
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
Link to MITRE →

Cinnamon Tempest

Score: 8.92
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
Link to MITRE →

MuddyWater

Score: 28.04
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

Velvet Ant

Score: 7.00
Matched TTPs:
  • T1574.001 - DLL
  • T1562.004 - Disable or Modify System Firewall
  • T1090.001 - Internal Proxy
Link to MITRE →

RTM

Score: 6.79
Matched TTPs:
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Tonto Team

Score: 7.74
Matched TTPs:
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Aquatic Panda

Score: 7.86
Matched TTPs:
  • T1574.001 - DLL
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

GALLIUM

Score: 15.09
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
Link to MITRE →

BRONZE BUTLER

Score: 22.09
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1053.002 - At
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT3

Score: 15.02
Matched TTPs:
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1552.001 - Credentials In Files
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

BlackTech

Score: 5.55
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

SideCopy

Score: 8.79
Matched TTPs:
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1518 - Software Discovery
Link to MITRE →

Daggerfly

Score: 9.71
Matched TTPs:
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
Link to MITRE →

BackdoorDiplomacy

Score: 10.56
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
Link to MITRE →

APT41

Score: 41.73
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1059.003 - Windows Command Shell
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

HAFNIUM

Score: 8.03
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.003 - Windows Command Shell
Link to MITRE →

APT5

Score: 8.03
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.003 - Windows Command Shell
Link to MITRE →

Molerats

Score: 4.85
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Rancor

Score: 4.24
Matched TTPs:
  • T1218.007 - Msiexec
  • T1059.003 - Windows Command Shell
Link to MITRE →

Machete

Score: 6.01
Matched TTPs:
  • T1218.007 - Msiexec
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

APT38

Score: 25.03
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

Strider

Score: 11.19
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Volt Typhoon

Score: 29.10
Matched TTPs:
  • T1070.007 - Clear Network Connection History and Configurations
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

WIRTE

Score: 5.16
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
Link to MITRE →

Gorgon Group

Score: 3.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
Link to MITRE →

Agrius

Score: 5.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.003 - Windows Command Shell
Link to MITRE →

Gamaredon Group

Score: 31.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027.016 - Junk Code Insertion
  • T1090 - Proxy
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

BlackByte

Score: 16.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1134.003 - Make and Impersonate Token
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
Link to MITRE →

Rocke

Score: 17.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

LazyScripter

Score: 12.11
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
Link to MITRE →

EXOTIC LILY

Score: 10.80
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT42

Score: 14.29
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1111 - Multi-Factor Authentication Interception
Link to MITRE →

Ember Bear

Score: 21.82
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

ToddyCat

Score: 7.29
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1059.003 - Windows Command Shell
  • T1566.003 - Spearphishing via Service

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 5.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell

Akira

Score: 6.88
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1486 - Data Encrypted for Impact

Wizard Spider

Score: 14.11
Matched TTPs:
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation

Cobalt Group

Score: 14.97
Matched TTPs:
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation

LAPSUS$

Score: 23.21
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1111 - Multi-Factor Authentication Interception

Carbanak

Score: 3.19
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool

Deep Panda

Score: 7.80
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32

FIN5

Score: 3.60
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool

Silence

Score: 6.41
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

POLONIUM

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool

Andariel

Score: 5.72
Matched TTPs:
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

FIN6

Score: 12.56
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1566.003 - Spearphishing via Service

FIN8

Score: 8.53
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation

Leafminer

Score: 7.00
Matched TTPs:
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Confucius

Score: 3.83
Matched TTPs:
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution

TA551

Score: 7.91
Matched TTPs:
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols

FIN4

Score: 4.13
Matched TTPs:
  • T1056.002 - GUI Input Capture

APT-C-36

Score: 3.14
Matched TTPs:
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

Lotus Blossom

Score: 7.62
Matched TTPs:
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1090.001 - Internal Proxy

Windshift

Score: 9.32
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1566.003 - Spearphishing via Service

APT37

Score: 6.50
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1555.004 - Windows Credential Manager

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1552.001 - Credentials In Files
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1534 - Internal Spearphishing
  • T1656 - Impersonation
  • T1218.005 - Mshta
  • T1071.002 - File Transfer Protocols
  • T1505.003 - Web Shell
  • T1027.012 - LNK Icon Smuggling
  • T1059.003 - Windows Command Shell
  • T1027.016 - Junk Code Insertion
  • T1218.010 - Regsvr32
  • T1585.002 - Email Accounts
  • T1591 - Gather Victim Org Information
  • T1027.010 - Command Obfuscation
  • T1190 - Exploit Public-Facing Application
  • T1598.003 - Spearphishing Link
  • T1588.005 - Exploits
  • T1562.004 - Disable or Modify System Firewall
  • T1102.001 - Dead Drop Resolver
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1176.001 - Browser Extensions
  • T1111 - Multi-Factor Authentication Interception

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

