Trusted Design

Remote Access Delivered Through Fake Zoom and Google Meet Calls

概要

A campaign using fake Zoom and Google Meet pages to lure victims into fraudulent video calls has been identified. The attackers use these pages to deliver remote-access software. Multiple domains hosting identical fake meeting pages were discovered, with one domain previously linked to a ClickFix campaign. The fake interfaces show an active meeting with expected participants. When victims join, they are prompted to download a file disguised as a Zoom update. Various payloads were identified, including executables masquerading as meeting updates, MSI installers deploying legitimate remote support software, and commercial monitoring software configured for covert remote access. The campaign's goal appears to be establishing remote access using whichever tool is most effective.

Created: 2026-03-09

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Volt Typhoon

Score: 46.15
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1065 - Uncommonly Used Port
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Contagious Interview

Score: 46.38
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ember Bear

Score: 17.85
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
MITREへのリンク →

Sandworm Team

Score: 53.80
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Inception

Score: 12.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

Dark Caracal

Score: 7.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 6.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Darkhotel

Score: 6.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 9.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT28

Score: 44.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1588.003 - Code Signing Certificates
  • T1548.006 - TCC Manipulation
MITREへのリンク →

APT18

Score: 4.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
MITREへのリンク →

Leviathan

Score: 36.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Sidewinder

Score: 14.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
MITREへのリンク →

APT39

Score: 15.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
MITREへのリンク →

Lazarus Group

Score: 37.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Saint Bear

Score: 11.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

APT33

Score: 8.48
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
MITREへのリンク →

BITTER

Score: 5.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
MITREへのリンク →

TA505

Score: 11.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Higaisa

Score: 8.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

APT19

Score: 3.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Fox Kitten

Score: 16.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Threat Group-3390

Score: 21.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

TA2541

Score: 11.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

Malteiro

Score: 4.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.003 - Shell History
MITREへのリンク →

Magic Hound

Score: 39.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
MITREへのリンク →

Storm-1811

Score: 22.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 3.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Tropic Trooper

Score: 9.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

Mofang

Score: 3.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
MITREへのリンク →

menuPass

Score: 12.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Moses Staff

Score: 7.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

TeamTNT

Score: 22.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1071.003 - Mail Protocols
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 27.82
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT32

Score: 25.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Moonstone Sleet

Score: 22.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

ZIRCONIUM

Score: 17.35
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
MITREへのリンク →

Mustard Tempest

Score: 12.76
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Daggerfly

Score: 4.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

GALLIUM

Score: 9.19
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT29

Score: 20.68
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 16.58
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Dragonfly

Score: 34.46
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ke3chang

Score: 18.77
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Agrius

Score: 7.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 44.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1008 - Fallback Channels
MITREへのリンク →

APT5

Score: 10.94
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 22.24
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1038 - DLL Search Order Hijacking
  • T1589 - Gather Victim Identity Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Silent Librarian

Score: 13.30
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

Kimsuky

Score: 76.93
Matched TTPs:
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1683.001 - Written Content
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1008 - Fallback Channels
MITREへのリンク →

EXOTIC LILY

Score: 19.38
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
MITREへのリンク →

Sea Turtle

Score: 11.52
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
MITREへのリンク →

Axiom

Score: 21.11
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

HEXANE

Score: 19.48
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Indrik Spider

Score: 12.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

UNC3886

Score: 24.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 15.67
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
MITREへのリンク →

Salt Typhoon

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

Play

Score: 10.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
MITREへのリンク →

Aoqin Dragon

Score: 4.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 9.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
MITREへのリンク →

Turla

Score: 24.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Mustang Panda

Score: 49.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1593.002 - Search Engines
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1565.002 - Transmitted Data Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

FIN7

Score: 38.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Scattered Spider

Score: 44.32
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Storm-0501

Score: 13.39
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

BlackTech

Score: 4.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
MITREへのリンク →

MuddyWater

Score: 20.49
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Confucius

Score: 13.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Evilnum

Score: 4.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

FIN8

Score: 7.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT3

Score: 13.76
Matched TTPs:
  • T1543.003 - Windows Service
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
MITREへのリンク →

APT1

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Windshift

Score: 5.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Earth Lusca

Score: 16.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Patchwork

Score: 11.75
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

LazyScripter

Score: 10.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
MITREへのリンク →

APT42

Score: 15.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1612 - Build Image on Host
  • T1599 - Network Boundary Bridging
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Star Blizzard

Score: 15.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
MITREへのリンク →

CURIUM

Score: 17.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

HAFNIUM

Score: 15.50
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1574.014 - AppDomainManager
MITREへのリンク →

Gamaredon Group

Score: 27.22
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1200 - Hardware Additions
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

BlackByte

Score: 13.32
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Rocke

Score: 11.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1008 - Fallback Channels
MITREへのリンク →

BackdoorDiplomacy

Score: 3.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Medusa Group

Score: 23.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Cinnamon Tempest

Score: 5.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
MITREへのリンク →

ToddyCat

Score: 9.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1547.008 - LSASS Driver
MITREへのリンク →

Winter Vivern

Score: 14.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
MITREへのリンク →

INC Ransom

Score: 14.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 12.62
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Carbanak

Score: 6.16
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

APT38

Score: 18.16
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Velvet Ant

Score: 7.17
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

Aquatic Panda

Score: 5.64
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1597 - Search Closed Sources
MITREへのリンク →

LAPSUS$

Score: 29.81
Matched TTPs:
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1619 - Cloud Storage Object Discovery
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Equation

Score: 4.54
Matched TTPs:
  • T1589.003 - Employee Names
MITREへのリンク →

Chimera

Score: 12.21
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1548.006 - TCC Manipulation
MITREへのリンク →

admin@338

Score: 4.53
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
MITREへのリンク →

Lotus Blossom

Score: 3.03
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Windigo

Score: 3.06
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Leafminer

Score: 5.59
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

BRONZE BUTLER

Score: 9.64
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Andariel

Score: 8.84
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

FIN6

Score: 10.61
Matched TTPs:
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

POLONIUM

Score: 5.83
Matched TTPs:
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

APT37

Score: 5.66
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

RTM

Score: 7.98
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

PLATINUM

Score: 6.30
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall
MITREへのリンク →

DarkHydrus

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1565.002 - Transmitted Data Manipulation
  • T1008 - Fallback Channels
  • T1683.001 - Written Content
  • T1606.002 - SAML Tokens
  • T1690 - Prevent Command History Logging
  • T1057 - Process Discovery
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
  • T1030 - Data Transfer Size Limits
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1197 - BITS Jobs
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1140 - Deobfuscate/Decode Files or Information
  • T1213.006 - Databases
  • T1051 - Shared Webroot
  • T1547.002 - Authentication Package
  • T1087.004 - Cloud Account
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る