Trusted Design

South American telecommunication providers targeted with three new malware implants

概要

UAT-9244, a China-nexus advanced persistent threat actor, has been targeting critical telecommunications infrastructure in South America since 2024. The group employs three new malware implants: TernDoor, a Windows-based backdoor variant of CrowDoor; PeerTime, an ELF-based backdoor using BitTorrent protocol; and BruteEntry, a brute force scanner for SSH, Postgres, and Tomcat servers. UAT-9244 uses dynamic-link library side-loading, scheduled tasks, and registry modifications for persistence. The group is closely associated with FamousSparrow and Tropic Trooper, sharing similar tooling and tactics. Their infrastructure includes multiple command and control servers and operational relay boxes for scanning and brute-forcing activities.

Created: 2026-04-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 12.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1018 - Remote System Discovery
MITREへのリンク →

menuPass

Score: 15.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Wizard Spider

Score: 20.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

APT33

Score: 7.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1078 - Valid Accounts
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Fox Kitten

Score: 17.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1090 - Proxy
MITREへのリンク →

Volt Typhoon

Score: 34.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
  • T1124 - System Time Discovery
MITREへのリンク →

APT1

Score: 9.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Mustang Panda

Score: 32.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1052.001 - Exfiltration over USB
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Play

Score: 12.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Chimera

Score: 16.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1124 - System Time Discovery
MITREへのリンク →

Sea Turtle

Score: 27.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT39

Score: 13.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

RedCurl

Score: 10.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT5

Score: 15.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Agrius

Score: 15.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

GALLIUM

Score: 15.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
MITREへのリンク →

APT41

Score: 46.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1595.002 - Vulnerability Scanning
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

MuddyWater

Score: 13.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 35.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1137.002 - Office Test
  • T1204.001 - Malicious Link
MITREへのリンク →

Turla

Score: 28.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

BRONZE BUTLER

Score: 19.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1550.003 - Pass the Ticket
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1124 - System Time Discovery
  • T1053.002 - At
MITREへのリンク →

UNC3886

Score: 17.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1124 - System Time Discovery
MITREへのリンク →

Kimsuky

Score: 44.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
MITREへのリンク →

APT3

Score: 9.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN8

Score: 11.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Ke3chang

Score: 18.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Lotus Blossom

Score: 10.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1049 - System Network Connections Discovery
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

FIN13

Score: 19.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token
  • T1046 - Network Service Discovery
MITREへのリンク →

Earth Lusca

Score: 21.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Magic Hound

Score: 36.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Aquatic Panda

Score: 8.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1595.002 - Vulnerability Scanning
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

INC Ransom

Score: 14.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
MITREへのリンク →

Akira

Score: 15.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

ToddyCat

Score: 11.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Contagious Interview

Score: 27.45
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Daggerfly

Score: 9.00
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

APT29

Score: 33.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1218.005 - Mshta
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1027.006 - HTML Smuggling
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Dragonfly

Score: 30.24
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Threat Group-3390

Score: 24.01
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1560.002 - Archive via Library
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1053.002 - At
MITREへのリンク →

Ember Bear

Score: 18.57
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Axiom

Score: 14.31
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
MITREへのリンク →

HEXANE

Score: 19.08
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1110 - Brute Force
  • T1018 - Remote System Discovery
MITREへのリンク →

Winter Vivern

Score: 13.00
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1583.003 - Virtual Private Server
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Moonstone Sleet

Score: 17.35
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 11.72
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

Lazarus Group

Score: 34.39
Matched TTPs:
  • T1587.001 - Malware
  • T1560.002 - Archive via Library
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

OilRig

Score: 33.44
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1556.002 - Password Filter DLL
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1137.004 - Outlook Home Page
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

LuminousMoth

Score: 12.31
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1608.005 - Link Target
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 27.64
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 8.65
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Aoqin Dragon

Score: 5.13
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Moses Staff

Score: 7.67
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
MITREへのリンク →

TeamTNT

Score: 16.82
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1046 - Network Service Discovery
MITREへのリンク →

FIN7

Score: 24.82
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

Scattered Spider

Score: 41.68
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
MITREへのリンク →

Storm-0501

Score: 17.12
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Sidewinder

Score: 12.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
MITREへのリンク →

ZIRCONIUM

Score: 9.85
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
  • T1124 - System Time Discovery
MITREへのリンク →

APT32

Score: 29.04
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1550.003 - Pass the Ticket
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Star Blizzard

Score: 9.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 13.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 5.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
MITREへのリンク →

Gamaredon Group

Score: 25.07
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1218.005 - Mshta
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

Darkhotel

Score: 7.39
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
MITREへのリンク →

Tropic Trooper

Score: 16.05
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel
  • T1046 - Network Service Discovery
MITREへのリンク →

TA2541

Score: 9.93
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

LazyScripter

Score: 5.67
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

TA505

Score: 7.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackByte

Score: 25.53
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

BITTER

Score: 5.59
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1573 - Encrypted Channel
MITREへのリンク →

Saint Bear

Score: 8.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 5.86
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 7.53
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1656 - Impersonation
MITREへのリンク →

Rocke

Score: 12.54
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

BackdoorDiplomacy

Score: 6.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

BlackTech

Score: 4.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Medusa Group

Score: 21.51
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
MITREへのリンク →

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1134 - Access Token Manipulation
MITREへのリンク →

Leviathan

Score: 14.00
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Volatile Cedar

Score: 9.96
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

APT38

Score: 28.25
Matched TTPs:
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Silence

Score: 5.43
Matched TTPs:
  • T1055 - Process Injection
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Cobalt Group

Score: 9.72
Matched TTPs:
  • T1055 - Process Injection
  • T1046 - Network Service Discovery
  • T1220 - XSL Script Processing
  • T1204.001 - Malicious Link
MITREへのリンク →

APT37

Score: 4.22
Matched TTPs:
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
MITREへのリンク →

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

PLATINUM

Score: 4.22
Matched TTPs:
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts
MITREへのリンク →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
MITREへのリンク →

LAPSUS$

Score: 17.30
Matched TTPs:
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
MITREへのリンク →

Windigo

Score: 4.11
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
MITREへのリンク →

POLONIUM

Score: 3.77
Matched TTPs:
  • T1090 - Proxy
  • T1078 - Valid Accounts
MITREへのリンク →

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
MITREへのリンク →

Andariel

Score: 3.50
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

Confucius

Score: 3.70
Matched TTPs:
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

DarkVishnya

Score: 4.29
Matched TTPs:
  • T1110 - Brute Force
  • T1046 - Network Service Discovery
MITREへのリンク →

FIN5

Score: 5.49
Matched TTPs:
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

FIN6

Score: 15.64
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

APT18

Score: 5.27
Matched TTPs:
  • T1078 - Valid Accounts
  • T1053.002 - At
MITREへのリンク →

Suckfly

Score: 3.19
Matched TTPs:
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
MITREへのリンク →

Storm-1811

Score: 7.90
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Transparent Tribe

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Windshift

Score: 5.65
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Elderwood

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Leafminer

Score: 5.07
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Naikon

Score: 3.31
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Higaisa

Score: 6.72
Matched TTPs:
  • T1220 - XSL Script Processing
  • T1124 - System Time Discovery
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT41

Score: 0.70
Matched TTPs:
  • T1090 - Proxy
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
  • T1595.002 - Vulnerability Scanning
  • T1110 - Brute Force
  • T1003.002 - Security Account Manager
  • T1018 - Remote System Discovery
  • T1656 - Impersonation
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
  • T1595.003 - Wordlist Scanning
  • T1560.001 - Archive via Utility
  • T1078 - Valid Accounts
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1071.002 - File Transfer Protocols
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Kimsuky

Score: 0.67
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1534 - Internal Spearphishing
  • T1218.005 - Mshta
  • T1557 - Adversary-in-the-Middle
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
  • T1598.003 - Spearphishing Link
  • T1560.001 - Archive via Utility
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1055 - Process Injection
  • T1007 - System Service Discovery
  • T1587.001 - Malware
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

Scattered Spider

Score: 0.63
Matched TTPs:
  • T1090 - Proxy
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1538 - Cloud Service Dashboard
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
  • T1598.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る