Trusted Design

Mobile spyware campaign impersonates Israel's Red Alert rocket warning system

Summary

A targeted campaign has been identified distributing a trojanized version of the Red Alert rocket warning Android app to Israeli users via SMS messages impersonating official Home Front Command communications. The malicious app retains full rocket alert functionality while running malicious code in the background. It bypasses Android security checks through certificate spoofing and runtime manipulation. Once installed, the malware collects sensitive data including SMS messages, contacts, location data, device accounts, and installed applications. The stolen data is transmitted to a remote command-and-control server. This campaign exploits user trust in emergency services during periods of geopolitical tension, combining social engineering with mobile espionage for maximum impact.

Created: 2026-03-09

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 26.72
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1668 - Exclusive Control
Link to MITRE →

Sandworm Team

Score: 39.34
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
Link to MITRE →

APT41

Score: 44.19
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1668 - Exclusive Control
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

TA551

Score: 6.47
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1218.012 - Verclsid
Link to MITRE →

Mustard Tempest

Score: 8.28
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Daggerfly

Score: 7.29
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
Link to MITRE →

GALLIUM

Score: 10.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
  • T1668 - Exclusive Control
Link to MITRE →

APT29

Score: 36.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN13

Score: 16.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.006 - Systemd Timers
  • T1668 - Exclusive Control
  • T1569.002 - Service Execution
Link to MITRE →

Dragonfly

Score: 23.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Ke3chang

Score: 16.70
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
Link to MITRE →

Agrius

Score: 5.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

APT5

Score: 7.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

menuPass

Score: 8.23
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
Link to MITRE →

Threat Group-3390

Score: 15.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Wizard Spider

Score: 16.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1668 - Exclusive Control
Link to MITRE →

Sea Turtle

Score: 14.80
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
Link to MITRE →

Axiom

Score: 25.64
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

HEXANE

Score: 16.64
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
Link to MITRE →

Chimera

Score: 17.26
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1668 - Exclusive Control
Link to MITRE →

LazyScripter

Score: 11.53
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
Link to MITRE →

Cobalt Group

Score: 13.40
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1518.002 - Backup Software Discovery
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
Link to MITRE →

OilRig

Score: 28.73
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1547.008 - LSASS Driver
Link to MITRE →

APT39

Score: 13.71
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution
Link to MITRE →

Tropic Trooper

Score: 10.61
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

APT18

Score: 4.17
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1157 - Dylib Hijacking
Link to MITRE →

FIN7

Score: 27.91
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
Link to MITRE →

RedCurl

Score: 11.57
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

APT1

Score: 11.01
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1668 - Exclusive Control
Link to MITRE →

Magic Hound

Score: 32.20
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Winter Vivern

Score: 10.14
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Kimsuky

Score: 53.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1668 - Exclusive Control
Link to MITRE →

Moonstone Sleet

Score: 17.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

Indrik Spider

Score: 10.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Lazarus Group

Score: 33.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Contagious Interview

Score: 39.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver
Link to MITRE →

UNC3886

Score: 23.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
Link to MITRE →

LuminousMoth

Score: 10.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
Link to MITRE →

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
Link to MITRE →

Play

Score: 6.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
Link to MITRE →

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
Link to MITRE →

Moses Staff

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
Link to MITRE →

Turla

Score: 32.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1569.002 - Service Execution
Link to MITRE →

Mustang Panda

Score: 18.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
Link to MITRE →

TeamTNT

Score: 10.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
Link to MITRE →

Medusa Group

Score: 19.54
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1216 - System Script Proxy Execution
Link to MITRE →

Sidewinder

Score: 12.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Scattered Spider

Score: 41.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1027.002 - Software Packing
  • T1588.005 - Exploits
Link to MITRE →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
Link to MITRE →

ZIRCONIUM

Score: 14.46
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
Link to MITRE →

APT32

Score: 20.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
Link to MITRE →

APT28

Score: 40.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Star Blizzard

Score: 9.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 10.37
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 7.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

HAFNIUM

Score: 9.42
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
Link to MITRE →

BRONZE BUTLER

Score: 10.33
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Aquatic Panda

Score: 9.52
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
Link to MITRE →

Earth Lusca

Score: 20.51
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Volt Typhoon

Score: 21.43
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1159 - Launch Agent
  • T1569.002 - Service Execution
Link to MITRE →

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
Link to MITRE →

TA2541

Score: 10.58
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
Link to MITRE →

Gamaredon Group

Score: 20.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
Link to MITRE →

SideCopy

Score: 10.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent
Link to MITRE →

TA505

Score: 10.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
Link to MITRE →

BlackByte

Score: 13.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
Link to MITRE →

BITTER

Score: 9.18
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
Link to MITRE →

Saint Bear

Score: 10.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

EXOTIC LILY

Score: 9.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

APT42

Score: 11.19
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Rocke

Score: 5.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
Link to MITRE →

BackdoorDiplomacy

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
Link to MITRE →

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
Link to MITRE →

Storm-0501

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Fox Kitten

Score: 15.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1588.005 - Exploits
Link to MITRE →

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
Link to MITRE →

ToddyCat

Score: 6.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component
Link to MITRE →

Leviathan

Score: 17.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

INC Ransom

Score: 10.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

MuddyWater

Score: 23.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Akira

Score: 14.23
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1027 - Obfuscated Files or Information
Link to MITRE →

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Carbanak

Score: 6.16
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

APT38

Score: 14.21
Matched TTPs:
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

Velvet Ant

Score: 11.20
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

SilverTerrier

Score: 6.91
Matched TTPs:
  • T1131 - Authentication Package
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

APT3

Score: 9.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
Link to MITRE →

APT33

Score: 7.07
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
Link to MITRE →

Stealth Falcon

Score: 5.67
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Leafminer

Score: 8.36
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT37

Score: 11.33
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

LAPSUS$

Score: 29.36
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601 - Modify System Image
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits
Link to MITRE →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
Link to MITRE →

Inception

Score: 8.63
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

FIN6

Score: 13.74
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1505 - Server Software Component
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN5

Score: 4.17
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
Link to MITRE →

Tonto Team

Score: 6.34
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
Link to MITRE →

Silence

Score: 4.17
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
Link to MITRE →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Andariel

Score: 9.56
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Confucius

Score: 5.85
Matched TTPs:
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

FIN4

Score: 5.56
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
Link to MITRE →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

FIN8

Score: 5.86
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
Link to MITRE →

PLATINUM

Score: 3.86
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Storm-1811

Score: 16.97
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Higaisa

Score: 8.27
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1569.002 - Service Execution
Link to MITRE →

Transparent Tribe

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Elderwood

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Darkhotel

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Windshift

Score: 7.03
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Lotus Blossom

Score: 6.77
Matched TTPs:
  • T1505 - Server Software Component
  • T1569.002 - Service Execution
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1131 - Authentication Package
  • T1055.014 - VDSO Hijacking
  • T1218.012 - Verclsid
  • T1030 - Data Transfer Size Limits
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1197 - BITS Jobs
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1009 - Binary Padding
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.007 - Proc Filesystem
  • T1668 - Exclusive Control
  • T1547.002 - Authentication Package
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

APT41

Score: 0.58
Matched TTPs:
  • T1045 - Software Packing
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1157 - Dylib Hijacking
  • T1584.008 - Network Devices
  • T1177 - LSASS Driver
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1037.001 - Logon Script (Windows)
  • T1140 - Deobfuscate/Decode Files or Information
  • T1041 - Exfiltration Over C2 Channel
  • T1027 - Obfuscated Files or Information
  • T1668 - Exclusive Control
  • T1564.003 - Hidden Window
  • T1562.012 - Disable or Modify Linux Audit System
  • T1539 - Steal Web Session Cookie
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

