Trusted Design

Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks

概要

The report details the resurgence of the Funnull cybercriminal group, now utilizing a new arsenal called RingH23. It exposes their tactics, including compromising GoEdge CDN nodes, poisoning the MacCMS supply chain, and deploying sophisticated malware components like Badredis2s, Badnginx2s, and Badhide2s. The group has expanded its operations to inject malicious JavaScript, hijack cryptocurrency transactions, and redirect traffic to fraudulent sites. The campaign's impact is estimated to affect millions of users daily. The report also highlights Funnull's use of a suspicious new CDN infrastructure, CDN1.AI, likely created to evade detection.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Magic Hound

Score: 37.44
Matched TTPs:
  • T1056.001 - Keylogging
  • T1590.005 - IP Addresses
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1591.001 - Determine Physical Locations
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT39

Score: 8.58
Matched TTPs:
  • T1056.001 - Keylogging
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT38

Score: 24.98
Matched TTPs:
  • T1056.001 - Keylogging
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1204.001 - Malicious Link
MITREへのリンク →

Volt Typhoon

Score: 44.63
Matched TTPs:
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1591.004 - Identify Roles
  • T1018 - Remote System Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

Ajax Security Team

Score: 6.51
Matched TTPs:
  • T1056.001 - Keylogging
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT28

Score: 24.97
Matched TTPs:
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
MITREへのリンク →

menuPass

Score: 14.83
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
MITREへのリンク →

APT5

Score: 14.04
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Tonto Team

Score: 4.03
Matched TTPs:
  • T1056.001 - Keylogging
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

Threat Group-3390

Score: 18.65
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery
MITREへのリンク →

Lazarus Group

Score: 31.30
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

PLATINUM

Score: 9.16
Matched TTPs:
  • T1056.001 - Keylogging
  • T1055 - Process Injection
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

FIN4

Score: 4.72
Matched TTPs:
  • T1056.001 - Keylogging
  • T1078 - Valid Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 46.59
Matched TTPs:
  • T1056.001 - Keylogging
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Kimsuky

Score: 57.74
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1564.002 - Hidden Users
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1111 - Multi-Factor Authentication Interception
  • T1204.001 - Malicious Link
MITREへのリンク →

OilRig

Score: 28.36
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1556.002 - Password Filter DLL
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 20.12
Matched TTPs:
  • T1056.001 - Keylogging
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

HEXANE

Score: 27.95
Matched TTPs:
  • T1056.001 - Keylogging
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1591.004 - Identify Roles
  • T1018 - Remote System Discovery
MITREへのリンク →

APT32

Score: 33.26
Matched TTPs:
  • T1056.001 - Keylogging
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT3

Score: 14.58
Matched TTPs:
  • T1056.001 - Keylogging
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN13

Score: 22.28
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1049 - System Network Connections Discovery
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
  • T1565 - Data Manipulation
MITREへのリンク →

Ke3chang

Score: 17.49
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

APT41

Score: 51.06
Matched TTPs:
  • T1056.001 - Keylogging
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
MITREへのリンク →

Contagious Interview

Score: 35.95
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1204.005 - Malicious Library
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Ember Bear

Score: 18.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
MITREへのリンク →

Andariel

Score: 5.58
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1049 - System Network Connections Discovery
MITREへのリンク →

HAFNIUM

Score: 19.09
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
MITREへのリンク →

TA551

Score: 9.22
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
MITREへのリンク →

ZIRCONIUM

Score: 15.03
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 14.24
Matched TTPs:
  • T1584.008 - Network Devices
  • T1190 - Exploit Public-Facing Application
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 10.90
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1204.001 - Malicious Link
MITREへのリンク →

Daggerfly

Score: 7.24
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1204.001 - Malicious Link
MITREへのリンク →

GALLIUM

Score: 12.90
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
MITREへのリンク →

APT29

Score: 29.11
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1090.004 - Domain Fronting
  • T1027.006 - HTML Smuggling
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Dragonfly

Score: 27.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1564.002 - Hidden Users
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Agrius

Score: 7.40
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
MITREへのリンク →

Wizard Spider

Score: 16.56
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Sea Turtle

Score: 19.88
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1608.003 - Install Digital Certificate
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Axiom

Score: 13.65
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
MITREへのリンク →

Moonstone Sleet

Score: 18.12
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 13.04
Matched TTPs:
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1136 - Create Account
  • T1018 - Remote System Discovery
MITREへのリンク →

UNC3886

Score: 21.06
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

LuminousMoth

Score: 13.16
Matched TTPs:
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 18.17
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1136 - Create Account
MITREへのリンク →

Play

Score: 9.18
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

RedCurl

Score: 8.03
Matched TTPs:
  • T1587.001 - Malware
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1204.001 - Malicious Link
MITREへのリンク →

Moses Staff

Score: 6.76
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Turla

Score: 26.55
Matched TTPs:
  • T1587.001 - Malware
  • T1584.003 - Virtual Private Server
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustang Panda

Score: 32.06
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1588.002 - Tool
  • T1052.001 - Exfiltration over USB
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

TeamTNT

Score: 24.06
Matched TTPs:
  • T1587.001 - Malware
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

FIN7

Score: 29.98
Matched TTPs:
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1591.004 - Identify Roles
  • T1204.001 - Malicious Link
MITREへのリンク →

Scattered Spider

Score: 48.88
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
MITREへのリンク →

Storm-0501

Score: 10.69
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
MITREへのリンク →

Sidewinder

Score: 9.78
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Silent Librarian

Score: 8.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Star Blizzard

Score: 13.26
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 11.64
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1584.006 - Web Services
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 6.72
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Transparent Tribe

Score: 4.39
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1204.001 - Malicious Link
MITREへのリンク →

Velvet Ant

Score: 14.80
Matched TTPs:
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

APT33

Score: 10.82
Matched TTPs:
  • T1040 - Network Sniffing
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1204.001 - Malicious Link
MITREへのリンク →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
MITREへのリンク →

Rocke

Score: 24.49
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1055.002 - Portable Executable Injection
  • T1102 - Web Service
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
MITREへのリンク →

INC Ransom

Score: 13.06
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
MITREへのリンク →

TA2541

Score: 10.78
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

Earth Lusca

Score: 17.23
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

LazyScripter

Score: 8.20
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

Gamaredon Group

Score: 37.78
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1491.001 - Internal Defacement
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1095 - Non-Application Layer Protocol
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

TA505

Score: 10.37
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackByte

Score: 25.42
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

BITTER

Score: 7.58
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

Saint Bear

Score: 8.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 12.22
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

BackdoorDiplomacy

Score: 6.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

BlackTech

Score: 3.68
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Medusa Group

Score: 16.30
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
MITREへのリンク →

Fox Kitten

Score: 12.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1102 - Web Service
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Cinnamon Tempest

Score: 6.08
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

ToddyCat

Score: 12.28
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Blue Mockingbird

Score: 14.87
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
MITREへのリンク →

Winter Vivern

Score: 6.45
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

MuddyWater

Score: 19.36
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

Akira

Score: 11.64
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

Silence

Score: 6.27
Matched TTPs:
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Cobalt Group

Score: 13.64
Matched TTPs:
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1218.010 - Regsvr32
  • T1204.001 - Malicious Link
MITREへのリンク →

APT37

Score: 4.51
Matched TTPs:
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

LAPSUS$

Score: 37.92
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

Carbanak

Score: 4.61
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Leafminer

Score: 4.44
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1018 - Remote System Discovery
MITREへのリンク →

Molerats

Score: 3.41
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1204.001 - Malicious Link
MITREへのリンク →

Inception

Score: 10.51
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
MITREへのリンク →

FIN6

Score: 21.32
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Deep Panda

Score: 7.57
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32
  • T1018 - Remote System Discovery
MITREへのリンク →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

POLONIUM

Score: 4.61
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Lotus Blossom

Score: 7.97
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
MITREへのリンク →

Chimera

Score: 13.71
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1111 - Multi-Factor Authentication Interception
  • T1018 - Remote System Discovery
MITREへのリンク →

Tropic Trooper

Score: 5.87
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1052.001 - Exfiltration over USB
MITREへのリンク →

Gorgon Group

Score: 6.78
Matched TTPs:
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

FIN8

Score: 12.14
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Confucius

Score: 3.70
Matched TTPs:
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

Storm-1811

Score: 13.28
Matched TTPs:
  • T1585.003 - Cloud Accounts
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

BRONZE BUTLER

Score: 4.19
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
MITREへのリンク →

WIRTE

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
MITREへのリンク →

FIN5

Score: 3.82
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Metador

Score: 3.52
Matched TTPs:
  • T1588.002 - Tool
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

APT19

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
MITREへのリンク →

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
MITREへのリンク →

Windshift

Score: 3.88
Matched TTPs:
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1534 - Internal Spearphishing
  • T1111 - Multi-Factor Authentication Interception
  • T1593.001 - Social Media
  • T1218.005 - Mshta
  • T1555.003 - Credentials from Web Browsers
  • T1598 - Phishing for Information
  • T1027.012 - LNK Icon Smuggling
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1040 - Network Sniffing
  • T1598.003 - Spearphishing Link
  • T1056.001 - Keylogging
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
  • T1656 - Impersonation
  • T1608.001 - Upload Malware
  • T1591 - Gather Victim Org Information
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
MITREへのリンク →

APT41

Score: 0.62
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1190 - Exploit Public-Facing Application
  • T1596.005 - Scan Databases
  • T1055 - Process Injection
  • T1003.002 - Security Account Manager
  • T1555.003 - Credentials from Web Browsers
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
  • T1056.001 - Keylogging
  • T1588.002 - Tool
  • T1568.002 - Domain Generation Algorithms
  • T1656 - Impersonation
  • T1078 - Valid Accounts
  • T1595.003 - Wordlist Scanning
  • T1496.001 - Compute Hijacking
  • T1090 - Proxy
  • T1546.008 - Accessibility Features
  • T1480.001 - Environmental Keying
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Scattered Spider

Score: 0.59
Matched TTPs:
  • T1213.003 - Code Repositories
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
  • T1598 - Phishing for Information
  • T1598.004 - Spearphishing Voice
  • T1588.002 - Tool
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1070.008 - Clear Mailbox Data
  • T1656 - Impersonation
  • T1486 - Data Encrypted for Impact
  • T1078 - Valid Accounts
  • T1589 - Gather Victim Identity Information
  • T1136 - Create Account
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1190 - Exploit Public-Facing Application
  • T1195 - Supply Chain Compromise
  • T1491.002 - External Defacement
  • T1555.003 - Credentials from Web Browsers
  • T1486 - Data Encrypted for Impact
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1598.003 - Spearphishing Link
  • T1499 - Endpoint Denial of Service
  • T1056.001 - Keylogging
  • T1588.002 - Tool
  • T1584.005 - Botnet
  • T1204.001 - Malicious Link
  • T1078 - Valid Accounts
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1591.002 - Business Relationships
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る