Trusted Design

RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command

Overview

A malicious SMS spoofing campaign is spreading a fake version of Israel's 'Red Alert' emergency app amid ongoing conflict. The trojanized Android app, disguised as a trusted warning platform, can steal SMS, contacts, and location data while appearing legitimate. The campaign exploits public fear during crises to deploy mobile spyware. The malware uses sophisticated techniques to bypass security checks, including package manager hooking and dynamic payload loading. It mirrors the official app's interface but requests high-risk permissions. The malware continuously tracks GPS coordinates and exfiltrates data to attacker-controlled infrastructure, posing severe strategic and physical security risks. This campaign erodes trust in emergency response systems and could potentially be used for targeted attacks or to optimize missile targeting.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 29.73
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1654 - Log Enumeration
  • T1583.006 - Web Services
  • T1518 - Software Discovery
Link to MITRE →

Kimsuky

Score: 53.98
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1588.005 - Exploits
Link to MITRE →

Sea Turtle

Score: 19.26
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1566 - Phishing
  • T1078 - Valid Accounts
Link to MITRE →

Lazarus Group

Score: 35.06
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Moonstone Sleet

Score: 25.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Contagious Interview

Score: 40.58
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1204.005 - Malicious Library
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ember Bear

Score: 32.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits
Link to MITRE →

Sandworm Team

Score: 49.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1499 - Endpoint Denial of Service
Link to MITRE →

Inception

Score: 6.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1218.005 - Mshta
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 5.88
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 3.36
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1189 - Drive-by Compromise
Link to MITRE →

Darkhotel

Score: 6.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1091 - Replication Through Removable Media
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 3.36
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1189 - Drive-by Compromise
Link to MITRE →

APT28

Score: 54.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1190 - Exploit Public-Facing Application
  • T1557.004 - Evil Twin
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1030 - Data Transfer Size Limits
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

APT18

Score: 5.76
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1078 - Valid Accounts
Link to MITRE →

Leviathan

Score: 21.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1189 - Drive-by Compromise
Link to MITRE →

Sidewinder

Score: 12.76
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
Link to MITRE →

APT39

Score: 11.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Saint Bear

Score: 7.38
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT33

Score: 5.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

BITTER

Score: 9.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
Link to MITRE →

TA505

Score: 13.45
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1069 - Permission Groups Discovery
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
Link to MITRE →

APT19

Score: 3.36
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1189 - Drive-by Compromise
Link to MITRE →

Fox Kitten

Score: 15.72
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1078 - Valid Accounts
  • T1213.005 - Messaging Applications
Link to MITRE →

Threat Group-3390

Score: 19.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1030 - Data Transfer Size Limits
  • T1189 - Drive-by Compromise
Link to MITRE →

TA2541

Score: 12.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Magic Hound

Score: 47.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Storm-1811

Score: 15.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 5.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
Link to MITRE →

Tropic Trooper

Score: 17.24
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1091 - Replication Through Removable Media
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1518 - Software Discovery
Link to MITRE →

Whitefly

Score: 3.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

menuPass

Score: 8.81
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Moses Staff

Score: 9.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
Link to MITRE →

TeamTNT

Score: 22.73
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Metador

Score: 4.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

OilRig

Score: 34.82
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT32

Score: 23.95
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
Link to MITRE →

APT41

Score: 48.65
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1069 - Permission Groups Discovery
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1595.003 - Wordlist Scanning
  • T1030 - Data Transfer Size Limits
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
Link to MITRE →

TA551

Score: 6.47
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1218.005 - Mshta
Link to MITRE →

Volt Typhoon

Score: 56.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1069 - Permission Groups Discovery
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1654 - Log Enumeration
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
Link to MITRE →

ZIRCONIUM

Score: 16.03
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
Link to MITRE →

Mustard Tempest

Score: 8.28
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

Scattered Spider

Score: 44.66
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

APT3

Score: 8.30
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
Link to MITRE →

FIN13

Score: 15.87
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
Link to MITRE →

Daggerfly

Score: 4.36
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1189 - Drive-by Compromise
Link to MITRE →

GALLIUM

Score: 8.99
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
Link to MITRE →

APT29

Score: 25.23
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dragonfly

Score: 24.90
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
Link to MITRE →

Ke3chang

Score: 18.43
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Agrius

Score: 7.62
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT5

Score: 14.85
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1654 - Log Enumeration
Link to MITRE →

Wizard Spider

Score: 16.26
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Axiom

Score: 18.70
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
Link to MITRE →

HEXANE

Score: 25.16
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
Link to MITRE →

Chimera

Score: 12.97
Matched TTPs:
  • T1071.004 - DNS
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1556.001 - Domain Controller Authentication
Link to MITRE →

LazyScripter

Score: 11.53
Matched TTPs:
  • T1071.004 - DNS
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
Link to MITRE →

Cobalt Group

Score: 8.97
Matched TTPs:
  • T1071.004 - DNS
  • T1218.003 - CMSTP
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

FIN7

Score: 34.93
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
Link to MITRE →

Indrik Spider

Score: 12.47
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

UNC3886

Score: 25.79
Matched TTPs:
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
Link to MITRE →

LuminousMoth

Score: 16.85
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
Link to MITRE →

Play

Score: 10.23
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Aoqin Dragon

Score: 5.13
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
Link to MITRE →

Turla

Score: 39.50
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1071.003 - Mail Protocols
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
Link to MITRE →

Storm-0501

Score: 7.94
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
Link to MITRE →

FIN6

Score: 11.46
Matched TTPs:
  • T1213.006 - Databases
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Silent Librarian

Score: 10.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
Link to MITRE →

Star Blizzard

Score: 14.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
Link to MITRE →

CURIUM

Score: 14.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Patchwork

Score: 4.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

HAFNIUM

Score: 19.35
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

BRONZE BUTLER

Score: 8.83
Matched TTPs:
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Aquatic Panda

Score: 10.22
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
Link to MITRE →

Earth Lusca

Score: 22.24
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

admin@338

Score: 4.26
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
Link to MITRE →

APT1

Score: 9.00
Matched TTPs:
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
Link to MITRE →

APT38

Score: 22.24
Matched TTPs:
  • T1565.003 - Runtime Data Manipulation
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Gamaredon Group

Score: 19.52
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
Link to MITRE →

BlackByte

Score: 19.34
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
Link to MITRE →

SideCopy

Score: 10.68
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
Link to MITRE →

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT42

Score: 8.39
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1585.002 - Email Accounts
Link to MITRE →

Rocke

Score: 5.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

BackdoorDiplomacy

Score: 7.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
Link to MITRE →

Medusa Group

Score: 19.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1078 - Valid Accounts
Link to MITRE →

ToddyCat

Score: 8.07
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Winter Vivern

Score: 6.86
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
Link to MITRE →

INC Ransom

Score: 12.05
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

MuddyWater

Score: 18.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
Link to MITRE →

Akira

Score: 10.10
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

LAPSUS$

Score: 30.54
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

Carbanak

Score: 6.16
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Velvet Ant

Score: 10.00
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

SilverTerrier

Score: 6.91
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1071.002 - File Transfer Protocols
Link to MITRE →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
Link to MITRE →

Tonto Team

Score: 3.86
Matched TTPs:
  • T1505.003 - Web Shell
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

Leafminer

Score: 6.30
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1189 - Drive-by Compromise
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Andariel

Score: 9.80
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1189 - Drive-by Compromise
Link to MITRE →

Confucius

Score: 4.35
Matched TTPs:
  • T1218.005 - Mshta
  • T1583.006 - Web Services
Link to MITRE →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1566 - Phishing
Link to MITRE →

FIN8

Score: 5.86
Matched TTPs:
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
Link to MITRE →

PLATINUM

Score: 8.40
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking
Link to MITRE →

APT37

Score: 7.78
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Windshift

Score: 7.03
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1480.001 - Environmental Keying
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Volt Typhoon

Score: 0.70
Matched TTPs:
  • T1070.007 - Clear Network Connection History and Configurations
  • T1654 - Log Enumeration
  • T1584.003 - Virtual Private Server
  • T1007 - System Service Discovery
  • T1078 - Valid Accounts
  • T1505.003 - Web Shell
  • T1587.004 - Exploits
  • T1518 - Software Discovery
  • T1049 - System Network Connections Discovery
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1596.005 - Scan Databases
  • T1591.004 - Identify Roles
  • T1068 - Exploitation for Privilege Escalation
  • T1584.008 - Network Devices
  • T1069 - Permission Groups Discovery
  • T1591 - Gather Victim Org Information
  • T1584.005 - Botnet
  • T1090 - Proxy

APT28

Score: 0.68
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1078 - Valid Accounts
  • T1598 - Phishing for Information
  • T1557.004 - Evil Twin
  • T1211 - Exploitation for Defense Evasion
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1091 - Replication Through Removable Media
  • T1068 - Exploitation for Privilege Escalation
  • T1584.008 - Network Devices
  • T1027.013 - Encrypted/Encoded File
  • T1071.003 - Mail Protocols
  • T1498 - Network Denial of Service
  • T1001.001 - Junk Data
  • T1591 - Gather Victim Org Information
  • T1030 - Data Transfer Size Limits

Kimsuky

Score: 0.67
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1608.001 - Upload Malware
  • T1007 - System Service Discovery
  • T1566 - Phishing
  • T1585.002 - Email Accounts
  • T1071.002 - File Transfer Protocols
  • T1598 - Phishing for Information
  • T1562.001 - Disable or Modify Tools
  • T1505.003 - Web Shell
  • T1562.004 - Disable or Modify System Firewall
  • T1598.003 - Spearphishing Link
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1587.001 - Malware
  • T1588.005 - Exploits
  • T1534 - Internal Spearphishing
  • T1583.006 - Web Services
  • T1071.003 - Mail Protocols
  • T1591 - Gather Victim Org Information
  • T1557 - Adversary-in-the-Middle

Sandworm Team

Score: 0.62
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1213.006 - Databases
  • T1592.002 - Software
  • T1195 - Supply Chain Compromise
  • T1591.002 - Business Relationships
  • T1584.005 - Botnet
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1499 - Endpoint Denial of Service
  • T1598.003 - Spearphishing Link
  • T1078 - Valid Accounts
  • T1585.002 - Email Accounts
  • T1491.002 - External Defacement
  • T1486 - Data Encrypted for Impact

APT41

Score: 0.61
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1190 - Exploit Public-Facing Application
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1480.001 - Environmental Keying
  • T1071.002 - File Transfer Protocols
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1595.003 - Wordlist Scanning
  • T1078 - Valid Accounts
  • T1030 - Data Transfer Size Limits
  • T1568.002 - Domain Generation Algorithms
  • T1486 - Data Encrypted for Impact
  • T1069 - Permission Groups Discovery

Magic Hound

Score: 0.60
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1566.003 - Spearphishing via Service
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1505.003 - Web Shell
  • T1562 - Impair Defenses
  • T1562.004 - Disable or Modify System Firewall
  • T1598.003 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1049 - System Network Connections Discovery
  • T1190 - Exploit Public-Facing Application
  • T1573 - Encrypted Channel
  • T1589 - Gather Victim Identity Information
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1027.013 - Encrypted/Encoded File
  • T1592.002 - Software
  • T1090 - Proxy
  • T1591.001 - Determine Physical Locations

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
  • T1090 - Proxy
  • T1213.005 - Messaging Applications
  • T1484.002 - Trust Modification
  • T1598.004 - Spearphishing Voice
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1070.008 - Clear Mailbox Data
  • T1069 - Permission Groups Discovery
  • T1598 - Phishing for Information
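The actor entries above are only useful to a defender once they are in a form that can be queried: which matched techniques recur across the listed groups, and how much two groups' matched-TTP sets actually overlap. The following is an added example, not code from the pulse or from the platform that generated it. It parses a constructed excerpt in the page's own plain-text layout (actor name, `Score:` line, `Matched TTPs:` bullets) and tabulates technique frequency and pairwise set overlap. The Jaccard measure is our own assumption for illustration; the page does not state how its `Score` values are computed, and this code does not attempt to reproduce them.

```python
import re
from itertools import combinations

# Constructed excerpt in the page's own layout: four of the entries above,
# copied by hand for this example (not fetched from the site).
SAMPLE = """\
Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features

Tonto Team

Score: 3.86
Matched TTPs:
  • T1505.003 - Web Shell
  • T1068 - Exploitation for Privilege Escalation

POLONIUM

Score: 8.18
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

APT37

Score: 7.78
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot
"""

SCORE_RE = re.compile(r"^Score:\s*([0-9.]+)\s*$")
# ATT&CK technique id, optional sub-technique suffix, then " - " and the name.
TTP_RE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")


def parse_actors(text):
    """Parse 'Name / Score / Matched TTPs' blocks into
    {actor: {"score": float, "ttps": {technique_id: technique_name}}}."""
    actors = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Matched TTPs"):
            continue
        if "MITRE" in line:  # per-entry link stubs on the rendered page
            continue
        m = SCORE_RE.match(line)
        if m and current:
            actors[current]["score"] = float(m.group(1))
            continue
        m = TTP_RE.match(line)
        if m and current:
            actors[current]["ttps"][m.group(1)] = m.group(2)
            continue
        # Any other non-indented line starts a new actor block.
        current = line.strip()
        actors[current] = {"score": None, "ttps": {}}
    return actors


def ttp_frequency(actors):
    """Number of listed actors each technique is matched to, most shared first."""
    counts = {}
    for info in actors.values():
        for ttp in info["ttps"]:
            counts[ttp] = counts.get(ttp, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def jaccard_overlap(actors):
    """Pairwise Jaccard similarity of matched-TTP sets (assumed measure;
    not the page's own 'Score', whose formula is not given)."""
    out = {}
    for a, b in combinations(sorted(actors), 2):
        sa, sb = set(actors[a]["ttps"]), set(actors[b]["ttps"])
        union = sa | sb
        out[(a, b)] = len(sa & sb) / len(union) if union else 0.0
    return out


if __name__ == "__main__":
    parsed = parse_actors(SAMPLE)
    for ttp, n in ttp_frequency(parsed):
        print(f"{ttp:<10} matched to {n} actor(s)")
    for (a, b), sim in sorted(jaccard_overlap(parsed).items(), key=lambda kv: -kv[1]):
        print(f"{a} / {b}: Jaccard {sim:.2f}")
```

Feeding the full actor list above through `parse_actors` shows how thin most of these matches are: many entries share only one or two generic techniques such as T1505.003 or T1189, which is why the per-actor scores should be read as weak signals rather than attribution.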

Related CVEs

No CVEs were found in this Pulse.
