Trusted Design

Abusing .arpa: The TLD That Isn't Supposed to Host Anything

Summary

Threat actors have discovered a novel method to bypass security controls by abusing the .arpa top-level domain (TLD) in conjunction with IPv6 tunnels. They are exploiting a feature in DNS record management of certain providers to add IP address records for .arpa domains, allowing them to host phishing content on domains that should not resolve to an IP address. The phishing campaigns use spam emails impersonating major brands, with hyperlinked images leading to malicious websites through traffic distribution systems. This technique weaponizes trusted infrastructure essential for network operations, making it challenging for security tools to detect suspicious domains based on reputation, registration information, or policy blocklists.

Created: 2026-02-27

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 37.52
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1588.004 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Kimsuky

Score: 87.91
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1596 - Search Open Technical Databases
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1589.003 - Employee Names
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1102.001 - Dead Drop Resolver
  • T1584.001 - Domains
Link to MITRE →

Sea Turtle

Score: 31.87
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1588.004 - Digital Certificates
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1583.001 - Domains
  • T1583.003 - Virtual Private Server
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
Link to MITRE →

Ember Bear

Score: 24.28
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1585 - Establish Accounts
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Indrik Spider

Score: 22.37
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1585.002 - Email Accounts
  • T1552.001 - Credentials In Files
  • T1590 - Gather Victim Network Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1078.002 - Domain Accounts
  • T1584.004 - Server
Link to MITRE →

Agrius

Score: 9.71
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
Link to MITRE →

Contagious Interview

Score: 47.20
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1585 - Establish Accounts
  • T1543.001 - Launch Agent
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sandworm Team

Score: 74.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1213.006 - Databases
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1589.003 - Employee Names
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1590.001 - Domain Properties
Link to MITRE →

Star Blizzard

Score: 25.20
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
Link to MITRE →

Volt Typhoon

Score: 65.99
Matched TTPs:
  • T1592 - Gather Victim Host Information
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1590.004 - Network Topology
  • T1584.003 - Virtual Private Server
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1590 - Gather Victim Network Information
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1078.002 - Domain Accounts
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1596.005 - Scan Databases
Link to MITRE →

Andariel

Score: 10.92
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Magic Hound

Score: 62.35
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1482 - Domain Trust Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1078.002 - Domain Accounts
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
  • T1584.001 - Domains
Link to MITRE →

HAFNIUM

Score: 31.62
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1583.005 - Botnet
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1590 - Gather Victim Network Information
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

APT41

Score: 49.01
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA551

Score: 9.00
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
Link to MITRE →

APT28

Score: 45.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1596 - Search Open Technical Databases
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1498 - Network Denial of Service
Link to MITRE →

ZIRCONIUM

Score: 26.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1665 - Hide Infrastructure
Link to MITRE →

Leviathan

Score: 36.46
Matched TTPs:
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
Link to MITRE →

Mustard Tempest

Score: 14.28
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1584.001 - Domains
Link to MITRE →

Daggerfly

Score: 5.43
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1584.004 - Server
Link to MITRE →

GALLIUM

Score: 7.22
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
Link to MITRE →

APT29

Score: 43.47
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN13

Score: 18.49
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1590.004 - Network Topology
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
Link to MITRE →

Dragonfly

Score: 38.21
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1187 - Forced Authentication
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
Link to MITRE →

Ke3chang

Score: 15.11
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1583.005 - Botnet
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
Link to MITRE →

APT5

Score: 11.76
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078.002 - Domain Accounts
Link to MITRE →

menuPass

Score: 10.04
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.001 - Domains
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Threat Group-3390

Score: 17.33
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Wizard Spider

Score: 23.56
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Silent Librarian

Score: 24.34
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1588.004 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1589.003 - Employee Names
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
Link to MITRE →

EXOTIC LILY

Score: 17.05
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

Lazarus Group

Score: 47.44
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
Link to MITRE →

UNC3886

Score: 31.25
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1675 - ESXi Administration Command
  • T1040 - Network Sniffing
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
Link to MITRE →

LuminousMoth

Score: 14.75
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
Link to MITRE →

BlackTech

Score: 6.09
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Axiom

Score: 19.48
Matched TTPs:
  • T1583.002 - DNS Server
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
Link to MITRE →

HEXANE

Score: 30.59
Matched TTPs:
  • T1583.002 - DNS Server
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
Link to MITRE →

Chimera

Score: 25.71
Matched TTPs:
  • T1071.004 - DNS
  • T1016 - System Network Configuration Discovery
  • T1482 - Domain Trust Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1201 - Password Policy Discovery
  • T1589.001 - Credentials
  • T1078.002 - Domain Accounts
  • T1556.001 - Domain Controller Authentication
Link to MITRE →

LazyScripter

Score: 12.04
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1218.005 - Mshta
  • T1583.006 - Web Services
Link to MITRE →

Cobalt Group

Score: 11.91
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1218.003 - CMSTP
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

OilRig

Score: 40.25
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1201 - Password Policy Discovery
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT39

Score: 9.31
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Tropic Trooper

Score: 8.74
Matched TTPs:
  • T1071.004 - DNS
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT18

Score: 5.47
Matched TTPs:
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
Link to MITRE →

FIN7

Score: 36.42
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
Link to MITRE →

Scattered Spider

Score: 48.76
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1021.007 - Cloud Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
Link to MITRE →

Storm-0501

Score: 15.34
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1482 - Domain Trust Discovery
  • T1036.004 - Masquerade Task or Service
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
Link to MITRE →

FIN6

Score: 13.56
Matched TTPs:
  • T1213.006 - Databases
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Turla

Score: 38.27
Matched TTPs:
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1201 - Password Policy Discovery
  • T1102.002 - Bidirectional Communication
  • T1555.004 - Windows Credential Manager
  • T1584.004 - Server
Link to MITRE →

MuddyWater

Score: 22.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.003 - CMSTP
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 8.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Sidewinder

Score: 14.13
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Transparent Tribe

Score: 10.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1584.001 - Domains
Link to MITRE →

FIN8

Score: 10.24
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1482 - Domain Trust Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
Link to MITRE →

APT32

Score: 30.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT3

Score: 15.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
Link to MITRE →

APT1

Score: 11.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1584.001 - Domains
Link to MITRE →

APT33

Score: 12.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Windshift

Score: 3.97
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA2541

Score: 11.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Earth Lusca

Score: 24.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1482 - Domain Trust Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1584.004 - Server
Link to MITRE →

RedCurl

Score: 5.27
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
Link to MITRE →

Storm-1811

Score: 22.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1482 - Domain Trust Discovery
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA577

Score: 4.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
Link to MITRE →

Patchwork

Score: 9.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA505

Score: 13.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1078.002 - Domain Accounts
Link to MITRE →

APT42

Score: 18.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1656 - Impersonation
Link to MITRE →

Moonstone Sleet

Score: 26.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
Link to MITRE →

CURIUM

Score: 17.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Velvet Ant

Score: 10.21
Matched TTPs:
  • T1040 - Network Sniffing
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Salt Typhoon

Score: 9.22
Matched TTPs:
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1562.004 - Disable or Modify System Firewall
Link to MITRE →

DarkVishnya

Score: 3.03
Matched TTPs:
  • T1040 - Network Sniffing
Link to MITRE →

LAPSUS$

Score: 42.55
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
Link to MITRE →

IndigoZebra

Score: 6.20
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1583.006 - Web Services
Link to MITRE →

TeamTNT

Score: 18.79
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Gamaredon Group

Score: 29.80
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
Link to MITRE →

SideCopy

Score: 12.69
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1584.001 - Domains
Link to MITRE →

BlackByte

Score: 25.02
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1482 - Domain Trust Discovery
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1078.002 - Domain Accounts
Link to MITRE →

BITTER

Score: 9.18
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036.004 - Masquerade Task or Service
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Saint Bear

Score: 12.83
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

Akira

Score: 13.03
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1482 - Domain Trust Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

APT38

Score: 21.53
Matched TTPs:
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Winter Vivern

Score: 11.06
Matched TTPs:
  • T1583.001 - Domains
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1584.006 - Web Services
Link to MITRE →

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

Higaisa

Score: 9.60
Matched TTPs:
  • T1029 - Scheduled Transfer
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Carbanak

Score: 8.26
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Rocke

Score: 7.42
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
Link to MITRE →

ToddyCat

Score: 10.18
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078.002 - Domain Accounts
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Medusa Group

Score: 18.59
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Leafminer

Score: 8.36
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
Link to MITRE →

Play

Score: 8.28
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
Link to MITRE →

admin@338

Score: 6.00
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Lotus Blossom

Score: 7.43
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1482 - Domain Trust Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
Link to MITRE →

Stealth Falcon

Score: 5.09
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Naikon

Score: 5.85
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1078.002 - Domain Accounts
Link to MITRE →

Darkhotel

Score: 4.26
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1546.008 - Accessibility Features
Link to MITRE →

Fox Kitten

Score: 16.41
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts
Link to MITRE →

Cinnamon Tempest

Score: 6.05
Matched TTPs:
  • T1090 - Proxy
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
Link to MITRE →

Windigo

Score: 3.64
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Equation

Score: 4.54
Matched TTPs:
  • T1542.002 - Component Firmware
Link to MITRE →

Inception

Score: 5.13
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Dark Caracal

Score: 3.82
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

BRONZE BUTLER

Score: 7.88
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Aquatic Panda

Score: 6.18
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
Link to MITRE →

BackdoorDiplomacy

Score: 3.83
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
Link to MITRE →

INC Ransom

Score: 10.58
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts
Link to MITRE →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
Link to MITRE →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1566 - Phishing
Link to MITRE →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1566 - Phishing
Link to MITRE →

Tonto Team

Score: 3.59
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1187 - Forced Authentication
Link to MITRE →

APT37

Score: 7.51
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Volatile Cedar

Score: 4.13
Matched TTPs:
  • T1595.003 - Wordlist Scanning
Link to MITRE →

RTM

Score: 3.29
Matched TTPs:
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1071.002 - File Transfer Protocols
  • T1562.001 - Disable or Modify Tools
  • T1552.001 - Credentials In Files
  • T1534 - Internal Spearphishing
  • T1589.003 - Employee Names
  • T1562.004 - Disable or Modify System Firewall
  • T1596 - Search Open Technical Databases
  • T1036.004 - Masquerade Task or Service
  • T1594 - Search Victim-Owned Websites
  • T1218.005 - Mshta
  • T1102.002 - Bidirectional Communication
  • T1589.002 - Email Addresses
  • T1598 - Phishing for Information
  • T1083 - File and Directory Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1557 - Adversary-in-the-Middle
  • T1583.001 - Domains
  • T1566 - Phishing
  • T1585.002 - Email Accounts
  • T1583.006 - Web Services
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1591 - Gather Victim Org Information
  • T1656 - Impersonation
  • T1016 - System Network Configuration Discovery
  • T1583 - Acquire Infrastructure
  • T1593 - Search Open Websites/Domains
  • T1584.001 - Domains
  • T1585 - Establish Accounts
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sandworm Team

Score: 0.60
Matched TTPs:
  • T1589.003 - Employee Names
  • T1592.002 - Software
  • T1594 - Search Victim-Owned Websites
  • T1102.002 - Bidirectional Communication
  • T1090 - Proxy
  • T1213.006 - Databases
  • T1589.002 - Email Addresses
  • T1584.005 - Botnet
  • T1486 - Data Encrypted for Impact
  • T1078 - Valid Accounts
  • T1083 - File and Directory Discovery
  • T1608.001 - Upload Malware
  • T1078.002 - Domain Accounts
  • T1586.001 - Social Media Accounts
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1591.002 - Business Relationships
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1584.004 - Server
  • T1499 - Endpoint Denial of Service
  • T1583 - Acquire Infrastructure
  • T1593 - Search Open Websites/Domains
  • T1203 - Exploitation for Client Execution
  • T1590.001 - Domain Properties
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

