Trusted Design

The Latest PlugX Variant Executed by STATICPLUGIN

Overview

In January 2026, a new variant of the PlugX malware was observed being used in targeted attacks. Analysis suggests involvement of the UNC6384 APT group, linked to Mustang Panda, targeting government agencies in Southeast Asia. The malware uses a browser updater disguise to download and execute a malicious MSI file, leading to PlugX infection. The STATICPLUGIN downloader uses a revoked code-signing certificate from a Chinese company. The PlugX variant employs DLL sideloading and shellcode execution techniques. Its configuration is encrypted using RC4 and custom encoding. C2 servers were identified as fruitbrat[.]com and 108.165.255[.]97:443. The ongoing improvements to PlugX indicate its continued use in targeted attacks by APT groups.

Created: 2026-03-27

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 46.87
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

Kimsuky

Score: 69.79
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1132.002 - Non-Standard Encoding
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sea Turtle

Score: 20.17
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Inception

Score: 14.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Dark Caracal

Score: 6.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Elderwood

Score: 4.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 7.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 4.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT28

Score: 19.95
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

APT18

Score: 6.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1591.004 - Identify Roles
  • T1591.001 - Determine Physical Locations

Leviathan

Score: 18.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Sidewinder

Score: 14.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT39

Score: 12.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Lazarus Group

Score: 46.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

Saint Bear

Score: 9.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles

APT33

Score: 6.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

BITTER

Score: 9.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 19.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Higaisa

Score: 10.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1569.002 - Service Execution

APT19

Score: 12.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 18.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Threat Group-3390

Score: 30.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1591.001 - Determine Physical Locations

TA2541

Score: 9.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship

Malteiro

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT

Magic Hound

Score: 34.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Storm-1811

Score: 14.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 13.80
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
  • T1505 - Server Software Component

Tropic Trooper

Score: 15.48
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent

Contagious Interview

Score: 35.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Whitefly

Score: 4.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship

menuPass

Score: 14.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles

Moses Staff

Score: 10.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship

TeamTNT

Score: 19.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1591.004 - Identify Roles
  • T1519 - Emond

Metador

Score: 5.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

OilRig

Score: 31.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1574.014 - AppDomainManager
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1547.008 - LSASS Driver

APT32

Score: 37.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1092 - Communication Through Removable Media
  • T1592.004 - Client Configurations
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Moonstone Sleet

Score: 25.34
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1057 - Process Discovery
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.008 - LSASS Driver

Axiom

Score: 11.86
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 20.11
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

RedCurl

Score: 17.80
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua
  • T1591.004 - Identify Roles

APT1

Score: 9.83
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

Chimera

Score: 21.38
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1574 - Hijack Execution Flow
  • T1591.004 - Identify Roles
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1132.002 - Non-Standard Encoding

Winter Vivern

Score: 12.66
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

FIN13

Score: 22.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1569.002 - Service Execution

Indrik Spider

Score: 10.20
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles

UNC3886

Score: 19.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

LuminousMoth

Score: 12.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship

Sandworm Team

Score: 36.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

APT29

Score: 39.24
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver

Play

Score: 7.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Turla

Score: 26.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1569.002 - Service Execution

Ke3chang

Score: 13.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1591.004 - Identify Roles

FIN7

Score: 31.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1092 - Communication Through Removable Media
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Medusa Group

Score: 22.54
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Scattered Spider

Score: 31.04
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window

Storm-0501

Score: 15.23
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1480 - Execution Guardrails
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code

Silent Librarian

Score: 9.44
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship

ZIRCONIUM

Score: 12.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1591.004 - Identify Roles
  • T1608.006 - SEO Poisoning

Star Blizzard

Score: 10.50
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship

CURIUM

Score: 14.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dragonfly

Score: 19.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Patchwork

Score: 14.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Earth Lusca

Score: 26.95
Matched TTPs:
  • T1499.004 - Application or System Exploitation
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI

Cinnamon Tempest

Score: 8.92
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

MuddyWater

Score: 28.04
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Velvet Ant

Score: 7.00
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1009 - Binary Padding
  • T1569.002 - Service Execution

RTM

Score: 6.79
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Tonto Team

Score: 7.74
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32

Aquatic Panda

Score: 7.86
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

GALLIUM

Score: 15.09
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles

BRONZE BUTLER

Score: 22.09
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations
  • T1008 - Fallback Channels

APT3

Score: 15.02
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

BlackTech

Score: 5.55
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

SideCopy

Score: 8.79
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1159 - Launch Agent

Daggerfly

Score: 9.71
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI

BackdoorDiplomacy

Score: 10.56
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua

APT41

Score: 41.73
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1591.004 - Identify Roles
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels

HAFNIUM

Score: 8.03
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1591.004 - Identify Roles

APT5

Score: 8.03
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1591.004 - Identify Roles

Molerats

Score: 4.85
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT

Rancor

Score: 4.24
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1591.004 - Identify Roles

Machete

Score: 6.01
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

APT38

Score: 25.03
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Strider

Score: 11.19
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Volt Typhoon

Score: 29.10
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1569.002 - Service Execution

WIRTE

Score: 5.16
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code

Gorgon Group

Score: 3.37
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

Agrius

Score: 5.76
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1591.004 - Identify Roles

Gamaredon Group

Score: 31.23
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1092 - Communication Through Removable Media
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

BlackByte

Score: 16.54
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1134.001 - Token Impersonation/Theft
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles

Rocke

Score: 17.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1008 - Fallback Channels

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

LazyScripter

Score: 12.11
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

EXOTIC LILY

Score: 10.80
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

APT42

Score: 14.29
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1132.002 - Non-Standard Encoding

Ember Bear

Score: 21.82
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

ToddyCat

Score: 7.29
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed

INC Ransom

Score: 5.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles

Akira

Score: 6.88
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1027 - Obfuscated Files or Information

Wizard Spider

Score: 14.11
Matched TTPs:
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image

Cobalt Group

Score: 14.97
Matched TTPs:
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

LAPSUS$

Score: 23.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1132.002 - Non-Standard Encoding

Carbanak

Score: 3.19
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

Deep Panda

Score: 7.80
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code

FIN5

Score: 3.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship

Silence

Score: 6.41
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

POLONIUM

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Andariel

Score: 5.72
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

FIN6

Score: 12.56
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1505 - Server Software Component
  • T1547.008 - LSASS Driver

FIN8

Score: 8.53
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Leafminer

Score: 7.00
Matched TTPs:
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Confucius

Score: 3.83
Matched TTPs:
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32

TA551

Score: 7.91
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel

FIN4

Score: 4.13
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness

APT-C-36

Score: 3.14
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.011 - Lua

Lotus Blossom

Score: 7.62
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1569.002 - Service Execution

Windshift

Score: 9.32
Matched TTPs:
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

APT37

Score: 6.50
Matched TTPs:
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1213.006 - Databases
  • T1183 - Image File Execution Options Injection
  • T1041 - Exfiltration Over C2 Channel
  • T1092 - Communication Through Removable Media
  • T1601.001 - Patch System Image
  • T1003.003 - NTDS
  • T1037 - Boot or Logon Initialization Scripts
  • T1030 - Data Transfer Size Limits
  • T1027.014 - Polymorphic Code
  • T1608 - Stage Capabilities
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1051 - Shared Webroot
  • T1059.011 - Lua
  • T1055.014 - VDSO Hijacking
  • T1008 - Fallback Channels
  • T1591.004 - Identify Roles
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1606.002 - SAML Tokens
  • T1132.002 - Non-Standard Encoding
  • T1009 - Binary Padding

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

