Trusted Design

Technical Analysis of SnappyClient

概要

Zscaler ThreatLabz identified a new command-and-control framework implant called SnappyClient, delivered via HijackLoader. SnappyClient is a C++-based implant with data theft and remote access capabilities. It employs evasion techniques like AMSI bypass, Heaven's Gate, direct system calls, and transacted hollowing. The malware receives configuration files from its C2 server and uses a custom encrypted network protocol. SnappyClient's main functions include stealing browser data, taking screenshots, keylogging, and providing remote shell access. Analysis suggests potential ties to HijackLoader based on code similarities. The primary goal appears to be cryptocurrency theft, targeting wallet addresses and crypto-related applications.

Created: 2026-03-20

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 12.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
MITREへのリンク →

menuPass

Score: 17.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1046 - Network Service Discovery
MITREへのリンク →

Wizard Spider

Score: 23.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1555.004 - Windows Credential Manager
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 10.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Fox Kitten

Score: 17.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1046 - Network Service Discovery
MITREへのリンク →

CopyKittens

Score: 4.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

Volt Typhoon

Score: 33.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1587.004 - Exploits
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
MITREへのリンク →

APT1

Score: 8.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1566.001 - Spearphishing Attachment
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
MITREへのリンク →

Mustang Panda

Score: 31.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1027.016 - Junk Code Insertion
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Play

Score: 9.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Chimera

Score: 15.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1556.001 - Domain Controller Authentication
  • T1046 - Network Service Discovery
MITREへのリンク →

Sea Turtle

Score: 24.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT39

Score: 20.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
MITREへのリンク →

RedCurl

Score: 16.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT5

Score: 15.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
MITREへのリンク →

Agrius

Score: 12.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1046 - Network Service Discovery
MITREへのリンク →

GALLIUM

Score: 12.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
MITREへのリンク →

APT41

Score: 38.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1595.003 - Wordlist Scanning
  • T1213.003 - Code Repositories
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

MuddyWater

Score: 24.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 16.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Turla

Score: 28.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1584.003 - Virtual Private Server
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1555.004 - Windows Credential Manager
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
MITREへのリンク →

BRONZE BUTLER

Score: 6.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

UNC3886

Score: 18.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1587.004 - Exploits
MITREへのリンク →

Kimsuky

Score: 59.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1027.016 - Junk Code Insertion
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1041 - Exfiltration Over C2 Channel
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1593.001 - Social Media
  • T1204.001 - Malicious Link
MITREへのリンク →

APT3

Score: 16.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1041 - Exfiltration Over C2 Channel
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN8

Score: 7.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

Ke3chang

Score: 15.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
MITREへのリンク →

Lotus Blossom

Score: 12.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

FIN13

Score: 25.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

Earth Lusca

Score: 13.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Magic Hound

Score: 41.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Aquatic Panda

Score: 4.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

INC Ransom

Score: 13.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

ToddyCat

Score: 6.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
MITREへのリンク →

Inception

Score: 9.01
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
MITREへのリンク →

Elderwood

Score: 3.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Darkhotel

Score: 3.77
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
MITREへのリンク →

Transparent Tribe

Score: 3.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 18.79
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1587.004 - Exploits
  • T1204.001 - Malicious Link
MITREへのリンク →

Sidewinder

Score: 13.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Lazarus Group

Score: 31.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Saint Bear

Score: 8.15
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

BITTER

Score: 6.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
MITREへのリンク →

TA505

Score: 13.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

Higaisa

Score: 7.37
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1041 - Exfiltration Over C2 Channel
  • T1090.001 - Internal Proxy
MITREへのリンク →

APT19

Score: 3.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
MITREへのリンク →

Threat Group-3390

Score: 14.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1046 - Network Service Discovery
MITREへのリンク →

TA2541

Score: 14.42
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1204.001 - Malicious Link
MITREへのリンク →

Malteiro

Score: 4.52
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

Storm-1811

Score: 4.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Blue Mockingbird

Score: 10.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
MITREへのリンク →

Tropic Trooper

Score: 10.92
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1046 - Network Service Discovery
MITREへのリンク →

Mofang

Score: 3.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Contagious Interview

Score: 31.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
MITREへのリンク →

Moses Staff

Score: 10.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool
MITREへのリンク →

TeamTNT

Score: 20.99
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

OilRig

Score: 29.51
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1556.002 - Password Filter DLL
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT32

Score: 27.63
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1027.016 - Junk Code Insertion
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Moonstone Sleet

Score: 14.17
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Daggerfly

Score: 3.95
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.001 - Malicious Link
MITREへのリンク →

APT29

Score: 31.38
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1204.001 - Malicious Link
MITREへのリンク →

Dragonfly

Score: 24.74
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
MITREへのリンク →

Ember Bear

Score: 16.05
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
MITREへのリンク →

Axiom

Score: 8.60
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
MITREへのリンク →

HEXANE

Score: 18.11
Matched TTPs:
  • T1583.002 - DNS Server
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
MITREへのリンク →

Winter Vivern

Score: 13.88
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Indrik Spider

Score: 11.04
Matched TTPs:
  • T1587.001 - Malware
  • T1585.002 - Email Accounts
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

LuminousMoth

Score: 11.42
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 34.07
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1499 - Endpoint Denial of Service
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Aoqin Dragon

Score: 4.24
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
MITREへのリンク →

FIN7

Score: 25.49
Matched TTPs:
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

Scattered Spider

Score: 34.46
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1021.007 - Cloud Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
MITREへのリンク →

Storm-0501

Score: 11.79
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Silent Librarian

Score: 11.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
  • T1588.002 - Tool
MITREへのリンク →

ZIRCONIUM

Score: 7.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1041 - Exfiltration Over C2 Channel
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 13.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
MITREへのリンク →

CURIUM

Score: 12.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
MITREへのリンク →

Patchwork

Score: 12.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1204.001 - Malicious Link
MITREへのリンク →

Cobalt Group

Score: 7.31
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN6

Score: 11.18
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1134 - Access Token Manipulation
  • T1046 - Network Service Discovery
MITREへのリンク →

Gamaredon Group

Score: 29.82
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1027.016 - Junk Code Insertion
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 10.89
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1593.001 - Social Media
  • T1204.001 - Malicious Link
MITREへのリンク →

Molerats

Score: 4.29
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1204.001 - Malicious Link
MITREへのリンク →

TA551

Score: 5.74
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
MITREへのリンク →

Confucius

Score: 7.85
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackTech

Score: 6.32
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Gorgon Group

Score: 6.67
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
MITREへのリンク →

SideCopy

Score: 6.84
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

LazyScripter

Score: 4.58
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

Tonto Team

Score: 5.39
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
MITREへのリンク →

APT37

Score: 9.01
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Silence

Score: 6.93
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1090.002 - External Proxy
  • T1588.002 - Tool
MITREへのリンク →

APT38

Score: 21.05
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

PLATINUM

Score: 7.87
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1056.004 - Credential API Hooking
MITREへのリンク →

Rocke

Score: 14.43
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1046 - Network Service Discovery
MITREへのリンク →

Velvet Ant

Score: 14.26
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
MITREへのリンク →

Strider

Score: 11.19
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
MITREへのリンク →

BackdoorDiplomacy

Score: 5.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
MITREへのリンク →

Medusa Group

Score: 19.54
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Cinnamon Tempest

Score: 4.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

BlackByte

Score: 23.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1134.003 - Make and Impersonate Token
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

APT42

Score: 9.32
Matched TTPs:
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
MITREへのリンク →

LAPSUS$

Score: 18.38
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1213.003 - Code Repositories
MITREへのリンク →

Carbanak

Score: 3.19
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Stealth Falcon

Score: 7.65
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1041 - Exfiltration Over C2 Channel
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

Leafminer

Score: 8.49
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
MITREへのリンク →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
MITREへのリンク →

FIN5

Score: 3.60
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
MITREへのリンク →

Windigo

Score: 3.64
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
MITREへのリンク →

POLONIUM

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1593.001 - Social Media
  • T1560.001 - Archive via Utility
  • T1562.001 - Disable or Modify Tools
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1071.002 - File Transfer Protocols
  • T1204.001 - Malicious Link
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1534 - Internal Spearphishing
  • T1585.002 - Email Accounts
  • T1557 - Adversary-in-the-Middle
  • T1055 - Process Injection
  • T1552.001 - Credentials In Files
  • T1083 - File and Directory Discovery
  • T1027.016 - Junk Code Insertion
  • T1589.002 - Email Addresses
  • T1027.012 - LNK Icon Smuggling
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る