Trusted Design

Inside a network of 20,000+ fake shops

Summary

A massive network of over 20,000 fraudulent e-commerce domains has been uncovered, all sharing common infrastructure and design patterns. These fake shops, primarily using the .shop domain, are designed to steal payment details and personal data from unsuspecting consumers. The operation is highly industrialized, with domains resolving to just 36 IP addresses, indicating a franchise-style model where a core team manages servers and templates while individual operators launch storefronts. The shops use familiar e-commerce tactics and psychological pressure to lure victims. To protect yourself, use browser protection tools, scrutinize unfamiliar domains, be wary of deep discounts, and look for independent reviews before making purchases.

Created: 2026-04-17

Indicators

No indicators were found.

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Contagious Interview

Score: 30.06
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1175 - Component Object Model and Distributed COM
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Daggerfly

Score: 9.00
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

GALLIUM

Score: 12.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
Link to MITRE →

APT29

Score: 31.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1223 - Compiled HTML File
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN13

Score: 14.95
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
Link to MITRE →

Dragonfly

Score: 28.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1175 - Component Object Model and Distributed COM
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Ke3chang

Score: 14.70
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Agrius

Score: 7.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
Link to MITRE →

APT41

Score: 35.79
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
Link to MITRE →

APT5

Score: 12.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

menuPass

Score: 12.92
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
Link to MITRE →

Threat Group-3390

Score: 13.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Wizard Spider

Score: 20.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ember Bear

Score: 13.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
Link to MITRE →

Sea Turtle

Score: 24.33
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
Link to MITRE →

Axiom

Score: 14.31
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
Link to MITRE →

HEXANE

Score: 19.49
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
Link to MITRE →

RedCurl

Score: 7.62
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT1

Score: 5.89
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Chimera

Score: 7.99
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Magic Hound

Score: 25.55
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Winter Vivern

Score: 14.90
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Kimsuky

Score: 33.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1041 - Exfiltration Over C2 Channel
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moonstone Sleet

Score: 14.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver
Link to MITRE →

Indrik Spider

Score: 9.20
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Lazarus Group

Score: 24.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

OilRig

Score: 25.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

UNC3886

Score: 12.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
Link to MITRE →

LuminousMoth

Score: 12.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sandworm Team

Score: 25.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Salt Typhoon

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
Link to MITRE →

Play

Score: 8.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Aoqin Dragon

Score: 5.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
Link to MITRE →

Moses Staff

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
Link to MITRE →

Turla

Score: 27.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustang Panda

Score: 21.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1136.003 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

TeamTNT

Score: 9.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
Link to MITRE →

FIN7

Score: 30.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1564.002 - Hidden Users
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode
Link to MITRE →

Scattered Spider

Score: 32.17
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
Link to MITRE →

Storm-0501

Score: 7.94
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
Link to MITRE →

FIN6

Score: 15.63
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Sidewinder

Score: 10.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
Link to MITRE →

ZIRCONIUM

Score: 7.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT32

Score: 22.72
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT28

Score: 14.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Star Blizzard

Score: 13.28
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 13.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 6.46
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Cobalt Group

Score: 8.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1027.018 - Invisible Unicode
Link to MITRE →

Saint Bear

Score: 9.04
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
Link to MITRE →

Tropic Trooper

Score: 9.78
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
Link to MITRE →

Windshift

Score: 6.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

BRONZE BUTLER

Score: 5.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

MuddyWater

Score: 17.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
Link to MITRE →

Gamaredon Group

Score: 19.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1175 - Component Object Model and Distributed COM
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
Link to MITRE →

Darkhotel

Score: 9.81
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1564.002 - Hidden Users
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Inception

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
Link to MITRE →

EXOTIC LILY

Score: 10.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
Link to MITRE →

Elderwood

Score: 4.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT33

Score: 3.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA551

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
Link to MITRE →

Confucius

Score: 4.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackTech

Score: 3.70
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leviathan

Score: 10.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

SideCopy

Score: 8.81
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
Link to MITRE →

FIN8

Score: 7.54
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

LazyScripter

Score: 6.55
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
Link to MITRE →

Transparent Tribe

Score: 4.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Machete

Score: 4.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN4

Score: 3.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
Link to MITRE →

Andariel

Score: 4.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 10.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA505

Score: 8.35
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT37

Score: 5.10
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Silence

Score: 9.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

APT38

Score: 28.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
Link to MITRE →

PLATINUM

Score: 5.10
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT39

Score: 6.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

HAFNIUM

Score: 9.38
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1134 - Access Token Manipulation
Link to MITRE →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
Link to MITRE →

Volt Typhoon

Score: 24.54
Matched TTPs:
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
Link to MITRE →

Earth Lusca

Score: 15.81
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackByte

Score: 22.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1175 - Component Object Model and Distributed COM
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

APT42

Score: 7.53
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Rocke

Score: 10.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
Link to MITRE →

BackdoorDiplomacy

Score: 3.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Medusa Group

Score: 15.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Fox Kitten

Score: 11.16
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
Link to MITRE →

ToddyCat

Score: 9.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 5.31
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505 - Server Software Component
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 8.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
Link to MITRE →

LAPSUS$

Score: 21.51
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
Link to MITRE →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
Link to MITRE →

Leafminer

Score: 7.85
Matched TTPs:
  • T1101 - Security Support Provider
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

APT3

Score: 7.92
Matched TTPs:
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
Link to MITRE →

Lotus Blossom

Score: 7.12
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
Link to MITRE →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

Dark Caracal

Score: 7.73
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Storm-1811

Score: 7.90
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
Link to MITRE →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
Link to MITRE →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT41

Score: 0.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1030 - Data Transfer Size Limits
  • T1134 - Access Token Manipulation
  • T1584.008 - Network Devices
  • T1041 - Exfiltration Over C2 Channel
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1157 - Dylib Hijacking
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Kimsuky

Score: 0.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1597 - Search Closed Sources
  • T1566.002 - Spearphishing Link
  • T1041 - Exfiltration Over C2 Channel
  • T1218.012 - Verclsid
  • T1009 - Binary Padding
  • T1606.002 - SAML Tokens
  • T1027.018 - Invisible Unicode
  • T1684 - Social Engineering
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
Link to MITRE →

Scattered Spider

Score: 0.63
Matched TTPs:
  • T1019 - System Firmware
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1597 - Search Closed Sources
  • T1566.002 - Spearphishing Link
  • T1027.002 - Software Packing
  • T1027 - Obfuscated Files or Information
  • T1157 - Dylib Hijacking
  • T1547.005 - Security Support Provider
Link to MITRE →

APT29

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.008 - Network Devices
  • T1223 - Compiled HTML File
  • T1568 - Dynamic Resolution
  • T1547.008 - LSASS Driver
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
  • T1157 - Dylib Hijacking
  • T1608.006 - SEO Poisoning
  • T1177 - LSASS Driver
  • T1598.003 - Spearphishing Link
  • T1606.002 - SAML Tokens
Link to MITRE →

FIN7

Score: 0.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.002 - Hidden Users
  • T1058 - Service Registry Permissions Weakness
  • T1065 - Uncommonly Used Port
  • T1584.005 - Botnet
  • T1218.012 - Verclsid
  • T1009 - Binary Padding
  • T1606.002 - SAML Tokens
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
Link to MITRE →

Contagious Interview

Score: 0.59
Matched TTPs:
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1175 - Component Object Model and Distributed COM
  • T1597 - Search Closed Sources
  • T1547.008 - LSASS Driver
  • T1044 - File System Permissions Weakness
  • T1547.005 - Security Support Provider
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1606.002 - SAML Tokens
Link to MITRE →

Dragonfly

Score: 0.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1531 - Account Access Removal
  • T1134 - Access Token Manipulation
  • T1584.008 - Network Devices
  • T1175 - Component Object Model and Distributed COM
  • T1059.012 - Hypervisor CLI
  • T1566.002 - Spearphishing Link
  • T1041 - Exfiltration Over C2 Channel
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
Link to MITRE →

APT38

Score: 0.55
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.012 - Verclsid
  • T1009 - Binary Padding
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
  • T1684 - Social Engineering
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph