Trusted Design

How to uncover a Horabot campaign and detect this malware

概要

This report details the discovery and analysis of a Horabot malware campaign targeting primarily Mexican users. The attack chain begins with a fake CAPTCHA page leading to multiple stages of obfuscated scripts, ultimately delivering an AutoIT loader and a Delphi-based banking Trojan. The malware employs sophisticated encryption techniques, anti-VM checks, and a custom protocol for C2 communication. It also includes a spreader component written in PowerShell that harvests and exfiltrates email addresses to distribute phishing emails. The analysis reveals Brazilian Portuguese comments in the code, suggesting the threat actor's origin. The report provides detection opportunities including YARA rules and hunting queries to identify this threat.

Created: 2026-03-20

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 21.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.005 - IP Addresses
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
MITREへのリンク →

menuPass

Score: 8.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
MITREへのリンク →

Wizard Spider

Score: 18.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1518.002 - Backup Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

APT33

Score: 8.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Fox Kitten

Score: 15.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1110 - Brute Force
  • T1078 - Valid Accounts
MITREへのリンク →

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1090 - Proxy
MITREへのリンク →

Volt Typhoon

Score: 33.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1596.005 - Scan Databases
MITREへのリンク →

APT1

Score: 5.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1588.001 - Malware
MITREへのリンク →

Mustang Panda

Score: 17.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Play

Score: 16.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Chimera

Score: 8.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1556.001 - Domain Controller Authentication
MITREへのリンク →

Sea Turtle

Score: 22.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT39

Score: 11.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1110 - Brute Force
  • T1078 - Valid Accounts
MITREへのリンク →

RedCurl

Score: 9.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
MITREへのリンク →

APT5

Score: 12.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
MITREへのリンク →

Agrius

Score: 11.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

GALLIUM

Score: 12.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1078 - Valid Accounts
MITREへのリンク →

APT41

Score: 46.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1071.002 - File Transfer Protocols
  • T1218.001 - Compiled HTML File
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1030 - Data Transfer Size Limits
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
MITREへのリンク →

MuddyWater

Score: 24.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT28

Score: 27.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1598 - Phishing for Information
  • T1498 - Network Denial of Service
MITREへのリンク →

Turla

Score: 33.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1584.003 - Virtual Private Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

Sowbug

Score: 4.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
MITREへのリンク →

BRONZE BUTLER

Score: 6.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

UNC3886

Score: 23.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Kimsuky

Score: 48.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1598 - Phishing for Information
MITREへのリンク →

APT3

Score: 12.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN8

Score: 8.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Ke3chang

Score: 15.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
MITREへのリンク →

Lotus Blossom

Score: 6.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1134 - Access Token Manipulation
MITREへのリンク →

FIN13

Score: 21.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token
MITREへのリンク →

Earth Lusca

Score: 20.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1584.006 - Web Services
MITREへのリンク →

Magic Hound

Score: 45.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.005 - IP Addresses
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Aquatic Panda

Score: 7.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1082 - System Information Discovery
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

INC Ransom

Score: 17.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Akira

Score: 14.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

ToddyCat

Score: 9.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Contagious Interview

Score: 31.93
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Andariel

Score: 7.80
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Mustard Tempest

Score: 10.48
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1583.004 - Server
MITREへのリンク →

Daggerfly

Score: 3.80
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1082 - System Information Discovery
MITREへのリンク →

APT29

Score: 34.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Dragonfly

Score: 24.61
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Threat Group-3390

Score: 16.32
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1560.002 - Archive via Library
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Ember Bear

Score: 18.23
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
MITREへのリンク →

Axiom

Score: 18.42
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

HEXANE

Score: 18.70
Matched TTPs:
  • T1583.002 - DNS Server
  • T1082 - System Information Discovery
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1589.002 - Email Addresses
  • T1534 - Internal Spearphishing
  • T1110 - Brute Force
MITREへのリンク →

Moonstone Sleet

Score: 16.59
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1589.002 - Email Addresses
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 7.66
Matched TTPs:
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Lazarus Group

Score: 26.63
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1560.002 - Archive via Library
  • T1562.004 - Disable or Modify System Firewall
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

OilRig

Score: 34.60
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1556.002 - Password Filter DLL
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1218.001 - Compiled HTML File
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

LuminousMoth

Score: 14.58
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Sandworm Team

Score: 38.98
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
MITREへのリンク →

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
MITREへのリンク →

Aoqin Dragon

Score: 4.89
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Moses Staff

Score: 8.88
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
MITREへのリンク →

TeamTNT

Score: 16.31
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
MITREへのリンク →

FIN7

Score: 25.06
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Scattered Spider

Score: 48.84
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard
MITREへのリンク →

Storm-0501

Score: 20.79
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
MITREへのリンク →

FIN6

Score: 15.26
Matched TTPs:
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

BlackTech

Score: 4.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Confucius

Score: 8.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Sidewinder

Score: 13.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT32

Score: 22.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Leviathan

Score: 17.81
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

ZIRCONIUM

Score: 12.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1598 - Phishing for Information
MITREへのリンク →

EXOTIC LILY

Score: 7.99
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1589.002 - Email Addresses
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Molerats

Score: 3.50
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

Windshift

Score: 5.18
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Cobalt Group

Score: 9.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

TA2541

Score: 11.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Storm-1811

Score: 15.39
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 9.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

TA505

Score: 10.10
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

LazyScripter

Score: 8.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
MITREへのリンク →

APT42

Score: 8.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

Silent Librarian

Score: 10.25
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
MITREへのリンク →

Star Blizzard

Score: 10.43
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 14.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1584.006 - Web Services
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Windigo

Score: 4.85
Matched TTPs:
  • T1082 - System Information Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
MITREへのリンク →

BlackByte

Score: 16.48
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Blue Mockingbird

Score: 11.61
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
MITREへのリンク →

Darkhotel

Score: 4.00
Matched TTPs:
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Rocke

Score: 13.87
Matched TTPs:
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Gamaredon Group

Score: 22.78
Matched TTPs:
  • T1082 - System Information Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT37

Score: 4.75
Matched TTPs:
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Inception

Score: 11.14
Matched TTPs:
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Malteiro

Score: 5.78
Matched TTPs:
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
MITREへのリンク →

APT38

Score: 19.05
Matched TTPs:
  • T1082 - System Information Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1218.001 - Compiled HTML File
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

SideCopy

Score: 7.17
Matched TTPs:
  • T1082 - System Information Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

APT19

Score: 3.95
Matched TTPs:
  • T1082 - System Information Discovery
  • T1218.010 - Regsvr32
MITREへのリンク →

APT18

Score: 3.93
Matched TTPs:
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
MITREへのリンク →

Tropic Trooper

Score: 9.39
Matched TTPs:
  • T1082 - System Information Discovery
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Winter Vivern

Score: 7.60
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1584.006 - Web Services
MITREへのリンク →

admin@338

Score: 4.00
Matched TTPs:
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Medusa Group

Score: 18.18
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Stealth Falcon

Score: 6.88
Matched TTPs:
  • T1082 - System Information Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

Velvet Ant

Score: 8.88
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1556.002 - Password Filter DLL
MITREへのリンク →

BackdoorDiplomacy

Score: 5.69
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
MITREへのリンク →

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

LAPSUS$

Score: 21.71
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1078 - Valid Accounts
  • T1213.003 - Code Repositories
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts
MITREへのリンク →

Leafminer

Score: 7.89
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
MITREへのリンク →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Deep Panda

Score: 7.80
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32
MITREへのリンク →

Tonto Team

Score: 3.26
Matched TTPs:
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 7.83
Matched TTPs:
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

TA551

Score: 7.61
Matched TTPs:
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
MITREへのリンク →

POLONIUM

Score: 5.78
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
MITREへのリンク →

Dark Caracal

Score: 7.26
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.001 - Compiled HTML File
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

Silence

Score: 4.86
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1078 - Valid Accounts
MITREへのリンク →

FIN5

Score: 3.95
Matched TTPs:
  • T1110 - Brute Force
  • T1078 - Valid Accounts
MITREへのリンク →

BITTER

Score: 5.12
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1583.006 - Web Services
  • T1598 - Phishing for Information
  • T1218.010 - Regsvr32
  • T1583.004 - Server
  • T1562.001 - Disable or Modify Tools
  • T1190 - Exploit Public-Facing Application
  • T1560.001 - Archive via Utility
  • T1534 - Internal Spearphishing
  • T1562.004 - Disable or Modify System Firewall
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1598.003 - Spearphishing Link
  • T1071.002 - File Transfer Protocols
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1657 - Financial Theft
  • T1218.005 - Mshta
  • T1082 - System Information Discovery
  • T1589.002 - Email Addresses
  • T1566 - Phishing
MITREへのリンク →

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1021.007 - Cloud Services
  • T1598.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1589 - Gather Victim Identity Information
  • T1486 - Data Encrypted for Impact
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1213.003 - Code Repositories
  • T1070.008 - Clear Mailbox Data
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1598.003 - Spearphishing Link
  • T1538 - Cloud Service Dashboard
  • T1090 - Proxy
  • T1082 - System Information Discovery
  • T1657 - Financial Theft
  • T1484.002 - Trust Modification
MITREへのリンク →

APT41

Score: 0.66
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1560.001 - Archive via Utility
  • T1110 - Brute Force
  • T1030 - Data Transfer Size Limits
  • T1555.003 - Credentials from Web Browsers
  • T1486 - Data Encrypted for Impact
  • T1078 - Valid Accounts
  • T1596.005 - Scan Databases
  • T1546.008 - Accessibility Features
  • T1595.003 - Wordlist Scanning
  • T1203 - Exploitation for Client Execution
  • T1213.003 - Code Repositories
  • T1083 - File and Directory Discovery
  • T1090 - Proxy
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1071.002 - File Transfer Protocols
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Magic Hound

Score: 0.65
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1583.006 - Web Services
  • T1566.003 - Spearphishing via Service
  • T1562.001 - Disable or Modify Tools
  • T1190 - Exploit Public-Facing Application
  • T1560.001 - Archive via Utility
  • T1573 - Encrypted Channel
  • T1562.004 - Disable or Modify System Firewall
  • T1590.005 - IP Addresses
  • T1083 - File and Directory Discovery
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1591.001 - Determine Physical Locations
  • T1589 - Gather Victim Identity Information
  • T1082 - System Information Discovery
  • T1589.002 - Email Addresses
MITREへのリンク →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1486 - Data Encrypted for Impact
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1587.001 - Malware
  • T1584.005 - Botnet
  • T1589.002 - Email Addresses
  • T1583.004 - Server
  • T1203 - Exploitation for Client Execution
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1499 - Endpoint Denial of Service
  • T1566.002 - Spearphishing Link
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る