Trusted Design

Technical Analysis of SnappyClient

Summary

Zscaler ThreatLabz identified a new command-and-control framework implant called SnappyClient, delivered via HijackLoader. SnappyClient is a C++-based implant with data theft and remote access capabilities. It employs evasion techniques like AMSI bypass, Heaven's Gate, direct system calls, and transacted hollowing. The malware receives configuration files from its C2 server and uses a custom encrypted network protocol. SnappyClient's main functions include stealing browser data, taking screenshots, keylogging, and providing remote shell access. Analysis suggests potential ties to HijackLoader based on code similarities. The primary goal appears to be cryptocurrency theft, targeting wallet addresses and crypto-related applications.

Created: 2026-03-20

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 12.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling

menuPass

Score: 17.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1209 - Time Providers

Wizard Spider

Score: 23.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode

APT33

Score: 10.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Fox Kitten

Score: 17.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1209 - Time Providers

CopyKittens

Score: 4.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 33.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1488 - Disk Content Wipe
  • T1209 - Time Providers
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

APT1

Score: 8.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship

Mustang Panda

Score: 31.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Play

Score: 9.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

Chimera

Score: 15.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1059.003 - Windows Command Shell
  • T1209 - Time Providers

Sea Turtle

Score: 24.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API

APT39

Score: 20.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

RedCurl

Score: 16.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

APT5

Score: 15.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling

Agrius

Score: 12.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1209 - Time Providers

GALLIUM

Score: 12.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

APT41

Score: 38.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1209 - Time Providers
  • T1574.002 - DLL Side-Loading

MuddyWater

Score: 24.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

APT28

Score: 16.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Turla

Score: 28.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

BRONZE BUTLER

Score: 6.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

UNC3886

Score: 18.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe

Kimsuky

Score: 59.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode

APT3

Score: 16.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode

FIN8

Score: 7.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Ke3chang

Score: 15.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Lotus Blossom

Score: 12.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1209 - Time Providers
  • T1569.002 - Service Execution

FIN13

Score: 25.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1569.002 - Service Execution

Earth Lusca

Score: 13.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Magic Hound

Score: 41.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Aquatic Panda

Score: 4.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

INC Ransom

Score: 13.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 6.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling

Inception

Score: 9.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship

Elderwood

Score: 3.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 3.77
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling

Transparent Tribe

Score: 3.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

Leviathan

Score: 18.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 13.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode

Lazarus Group

Score: 31.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1209 - Time Providers
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution

Saint Bear

Score: 8.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

BITTER

Score: 6.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1683 - Generate Content

TA505

Score: 13.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Higaisa

Score: 7.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1569.002 - Service Execution

APT19

Score: 3.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship

Threat Group-3390

Score: 14.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1209 - Time Providers

TA2541

Score: 14.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1027.018 - Invisible Unicode

Malteiro

Score: 4.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System

Storm-1811

Score: 4.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information

Blue Mockingbird

Score: 10.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component

Tropic Trooper

Score: 10.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1209 - Time Providers

Mofang

Score: 3.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

Contagious Interview

Score: 31.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode

Moses Staff

Score: 10.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship

TeamTNT

Score: 20.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1209 - Time Providers

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 29.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1574.014 - AppDomainManager
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

APT32

Score: 27.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1092 - Communication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 14.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1027 - Obfuscated Files or Information

Daggerfly

Score: 3.95
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.018 - Invisible Unicode

APT29

Score: 31.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1027.018 - Invisible Unicode

Dragonfly

Score: 24.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship

Ember Bear

Score: 16.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1209 - Time Providers

Axiom

Score: 8.60
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver

HEXANE

Score: 18.11
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship

Winter Vivern

Score: 13.88
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Indrik Spider

Score: 11.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

LuminousMoth

Score: 11.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 34.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 4.24
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship

FIN7

Score: 25.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Scattered Spider

Score: 34.46
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.005 - Mshta
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window

Storm-0501

Score: 11.79
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information

Silent Librarian

Score: 11.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship

ZIRCONIUM

Score: 7.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 13.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship

CURIUM

Score: 12.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

Patchwork

Score: 12.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 7.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

FIN6

Score: 11.18
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1505 - Server Software Component
  • T1209 - Time Providers

Gamaredon Group

Score: 29.82
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1092 - Communication Through Removable Media
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 10.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode

Molerats

Score: 4.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode

TA551

Score: 5.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid

Confucius

Score: 7.85
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode

BlackTech

Score: 6.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Gorgon Group

Score: 6.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation

SideCopy

Score: 6.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft

LazyScripter

Score: 4.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

Tonto Team

Score: 5.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification

APT37

Score: 9.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1216 - System Script Proxy Execution

Silence

Score: 6.93
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship

APT38

Score: 21.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
  • T1216 - System Script Proxy Execution

PLATINUM

Score: 7.87
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1686 - Disable or Modify System Firewall

Rocke

Score: 14.43
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1209 - Time Providers

Velvet Ant

Score: 14.26
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution

Strider

Score: 11.19
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

BackdoorDiplomacy

Score: 5.85
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1209 - Time Providers

Medusa Group

Score: 19.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1216 - System Script Proxy Execution

Cinnamon Tempest

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

BlackByte

Score: 23.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed

APT42

Score: 9.32
Matched TTPs:
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship

LAPSUS$

Score: 18.38
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1564.003 - Hidden Window

Carbanak

Score: 3.19
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

Stealth Falcon

Score: 7.65
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies

Leafminer

Score: 8.49
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1209 - Time Providers

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver

FIN5

Score: 3.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship

Windigo

Score: 3.64
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling

POLONIUM

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1001 - Data Obfuscation
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1555.003 - Credentials from Web Browsers
  • T1606.002 - SAML Tokens
  • T1037 - Boot or Logon Initialization Scripts
  • T1041 - Exfiltration Over C2 Channel
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1690 - Prevent Command History Logging
  • T1560.001 - Archive via Utility
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1092 - Communication Through Removable Media
  • T1684 - Social Engineering
  • T1027.018 - Invisible Unicode
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1009 - Binary Padding
  • T1134.002 - Create Process with Token
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1055.014 - VDSO Hijacking
  • T1183 - Image File Execution Options Injection

Related CVEs

No CVEs were found in this Pulse.
