Trusted Design

Malicious Go 'crypto' Module Steals Passwords and Deploys Rekoobe Backdoor

Summary

A malicious Go module impersonating the legitimate golang.org/x/crypto has been discovered, containing a backdoor in ssh/terminal/terminal.go. This module captures passwords, exfiltrates them, and executes remote commands. The attack chain includes a Linux stager that installs an SSH key for persistence, weakens firewall settings, and deploys a Rekoobe backdoor. The campaign targets high-trust cryptography libraries and likely aims at cloud environments. The threat actor uses GitHub for staging and disguises payloads as media files. This sophisticated supply chain attack highlights the need for careful scrutiny of Go module changes and implementation of robust security measures in development workflows.

Created: 2026-02-27

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 20.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1218.008 - Odbcconf
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive

menuPass

Score: 12.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling

Wizard Spider

Score: 14.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT33

Score: 9.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1051 - Shared Webroot
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

Fox Kitten

Score: 21.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1656 - Impersonation

Volt Typhoon

Score: 45.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1567 - Exfiltration Over Web Service
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1535 - Unused/Unsupported Cloud Regions
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1057 - Process Discovery
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading

APT1

Score: 3.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1183 - Image File Execution Options Injection

Mustang Panda

Score: 38.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1562.006 - Indicator Blocking
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage

Play

Score: 11.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path

Chimera

Score: 9.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1574 - Hijack Execution Flow

Gallmaker

Score: 3.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1059.011 - Lua

Sea Turtle

Score: 17.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.003 - Application Exhaustion Flood
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

APT39

Score: 19.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1599 - Network Boundary Bridging

RedCurl

Score: 16.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua
  • T1128 - Netsh Helper DLL

APT5

Score: 18.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1165 - Startup Items
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription

Agrius

Score: 15.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources

GALLIUM

Score: 14.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1087.004 - Cloud Account
  • T1059.011 - Lua

APT41

Score: 45.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.004 - Private Keys
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1097 - Pass the Ticket
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1574.009 - Path Interception by Unquoted Path
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)

MuddyWater

Score: 25.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

APT28

Score: 31.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1097 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1146 - Clear Command History

Turla

Score: 21.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1546.016 - Installer Packages

BRONZE BUTLER

Score: 7.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

UNC3886

Score: 28.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32

Kimsuky

Score: 50.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation

APT3

Score: 14.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32

FIN8

Score: 8.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL

Ke3chang

Score: 18.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1059.011 - Lua

FIN13

Score: 24.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1686.001 - Cloud Firewall

Earth Lusca

Score: 22.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1546.016 - Installer Packages

Magic Hound

Score: 30.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content

Aquatic Panda

Score: 9.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1165 - Startup Items
  • T1552.004 - Private Keys
  • T1597 - Search Closed Sources

INC Ransom

Score: 7.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 6.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling

Inception

Score: 6.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32

Elderwood

Score: 3.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32

Darkhotel

Score: 5.95
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 3.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32

Leviathan

Score: 24.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Sidewinder

Score: 9.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32

Lazarus Group

Score: 35.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1546.016 - Installer Packages

Saint Bear

Score: 14.43
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits

BITTER

Score: 10.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 11.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Higaisa

Score: 10.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage

APT19

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT

Threat Group-3390

Score: 22.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path

TA2541

Score: 12.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL

Malteiro

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT

Storm-1811

Score: 14.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1030 - Data Transfer Size Limits

Blue Mockingbird

Score: 7.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1001.001 - Junk Data

Tropic Trooper

Score: 14.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

Contagious Interview

Score: 41.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1221 - Template Injection

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive

Moses Staff

Score: 9.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers

TeamTNT

Score: 37.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1071.003 - Mail Protocols
  • T1535 - Unused/Unsupported Cloud Regions
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1137.003 - Outlook Forms
  • T1519 - Emond

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 28.80
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

APT32

Score: 24.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

Moonstone Sleet

Score: 22.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information

Daggerfly

Score: 5.43
Matched TTPs:
  • T1584.008 - Network Devices
  • T1546.016 - Installer Packages

APT29

Score: 35.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1555.004 - Windows Credential Manager

Dragonfly

Score: 22.62
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Ember Bear

Score: 25.58
Matched TTPs:
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1519 - Emond

Axiom

Score: 14.63
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon

HEXANE

Score: 23.32
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1065 - Uncommonly Used Port

Indrik Spider

Score: 19.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages

LuminousMoth

Score: 14.63
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path

Sandworm Team

Score: 43.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages

Salt Typhoon

Score: 20.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1498 - Network Denial of Service

Aoqin Dragon

Score: 4.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

FIN7

Score: 33.67
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1065 - Uncommonly Used Port

Scattered Spider

Score: 58.73
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1165 - Startup Items
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1535 - Unused/Unsupported Cloud Regions
  • T1019 - System Firmware
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1498 - Network Denial of Service
  • T1027.002 - Software Packing

Storm-0501

Score: 17.75
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1535 - Unused/Unsupported Cloud Regions
  • T1218.005 - Mshta
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information

Rocke

Score: 26.22
Matched TTPs:
  • T1497.001 - System Checks
  • T1165 - Startup Items
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1535 - Unused/Unsupported Cloud Regions
  • T1552.004 - Private Keys
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API

Silent Librarian

Score: 11.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet

ZIRCONIUM

Score: 10.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive

Star Blizzard

Score: 9.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection

CURIUM

Score: 15.39
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

Patchwork

Score: 5.25
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

BlackTech

Score: 5.20
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

Gorgon Group

Score: 3.36
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources

APT38

Score: 15.97
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Gamaredon Group

Score: 27.03
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API

Winter Vivern

Score: 14.47
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

BlackByte

Score: 17.32
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information

Cinnamon Tempest

Score: 3.04
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information

Mustard Tempest

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing

LazyScripter

Score: 6.33
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target

SideCopy

Score: 4.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid

EXOTIC LILY

Score: 8.28
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32

APT42

Score: 18.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1183 - Image File Execution Options Injection
  • T1599 - Network Boundary Bridging
  • T1128 - Netsh Helper DLL
  • T1030 - Data Transfer Size Limits

BackdoorDiplomacy

Score: 5.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.011 - Lua

Medusa Group

Score: 22.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed

Cobalt Group

Score: 10.47
Matched TTPs:
  • T1518.002 - Backup Software Discovery
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

LAPSUS$

Score: 34.00
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1619 - Cloud Storage Object Discovery
  • T1039 - Data from Network Shared Drive
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window

Velvet Ant

Score: 8.18
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver

Tonto Team

Score: 5.35
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

TA551

Score: 4.86
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid

Leafminer

Score: 8.36
Matched TTPs:
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot

Confucius

Score: 9.12
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation

FIN4

Score: 4.13
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness

FIN6

Score: 6.64
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1128 - Netsh Helper DLL

APT37

Score: 3.78
Matched TTPs:
  • T1059.011 - Lua
  • T1218.010 - Regsvr32

Equation

Score: 4.13
Matched TTPs:
  • T1037.001 - Logon Script (Windows)

Threat actors related to this Pulse (inference-based)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1564.003 - Hidden Window
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1547.005 - Security Support Provider
  • T1583.001 - Domains
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1027.002 - Software Packing
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1498 - Network Denial of Service
  • T1219.001 - IDE Tunneling
  • T1165 - Startup Items
  • T1019 - System Firmware
  • T1566.002 - Spearphishing Link
  • T1535 - Unused/Unsupported Cloud Regions

Kimsuky

Score: 0.61
Matched TTPs:
  • T1059.011 - Lua
  • T1555.003 - Credentials from Web Browsers
  • T1560.001 - Archive via Utility
  • T1656 - Impersonation
  • T1055.014 - VDSO Hijacking
  • T1009 - Binary Padding
  • T1057 - Process Discovery
  • T1183 - Image File Execution Options Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1059.010 - AutoHotKey & AutoIT
  • T1557.003 - DHCP Spoofing
  • T1566.002 - Spearphishing Link

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

