Trusted Design

DTO malware that takes notes

Summary

Perseus is a new Android threat that builds on earlier malware families such as Cerberus and Phoenix. It enables real-time monitoring of and interaction with infected devices through Accessibility-based remote sessions, allowing full Device Takeover (DTO). The malware focuses on extracting high-value personal information, including the contents of users' notes. It employs strong anti-analysis measures to evade detection. Perseus is primarily distributed through IPTV applications and targets users in Turkey and Italy. Its capabilities include overlay attacks, keylogging, and systematic exploration of note-taking apps. The malware performs extensive environment checks to detect analysis conditions and assess device risk. Perseus represents the ongoing evolution of mobile malware, adapting to remain effective in an increasingly secure mobile environment.

Created: 2026-03-20

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 16.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.008 - Stripped Payloads
  • T1134.002 - Create Process with Token
  • T1218.008 - Odbcconf
  • T1219.001 - IDE Tunneling

menuPass

Score: 10.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Wizard Spider

Score: 14.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking

APT33

Score: 8.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32

Fox Kitten

Score: 18.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1588.005 - Exploits

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1045 - Software Packing

Volt Typhoon

Score: 25.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading

APT1

Score: 8.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account

Mustang Panda

Score: 34.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Play

Score: 8.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking

Chimera

Score: 10.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1132.002 - Non-Standard Encoding

Sea Turtle

Score: 15.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.001 - DNS/Passive DNS
  • T1499.003 - Application Exhaustion Flood
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32

APT39

Score: 7.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

RedCurl

Score: 7.04
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling

APT5

Score: 9.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1219.001 - IDE Tunneling

Agrius

Score: 7.55
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources

GALLIUM

Score: 8.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1557.003 - DHCP Spoofing
  • T1157 - Dylib Hijacking

APT41

Score: 34.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading

MuddyWater

Score: 19.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

APT28

Score: 15.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Turla

Score: 21.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

BRONZE BUTLER

Score: 14.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

UNC3886

Score: 17.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32

Kimsuky

Score: 58.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1557.003 - DHCP Spoofing
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1132.002 - Non-Standard Encoding
  • T1003.003 - NTDS

APT3

Score: 9.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

FIN8

Score: 5.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Ke3chang

Score: 16.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Lotus Blossom

Score: 6.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1505 - Server Software Component

FIN13

Score: 17.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1134.001 - Token Impersonation/Theft
  • T1686.001 - Cloud Firewall

Earth Lusca

Score: 23.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 42.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1024 - Custom Cryptographic Protocol
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Aquatic Panda

Score: 8.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources

INC Ransom

Score: 10.60
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Akira

Score: 11.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 7.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1547.008 - LSASS Driver

Inception

Score: 11.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Dark Caracal

Score: 7.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Elderwood

Score: 4.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 11.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 4.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT18

Score: 4.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Leviathan

Score: 20.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1484.002 - Trust Modification
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Sidewinder

Score: 15.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Lazarus Group

Score: 31.82
Matched TTPs:
  • T1491.002 - External Defacement
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
  • T1216 - System Script Proxy Execution

Saint Bear

Score: 9.38
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

BITTER

Score: 8.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 13.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Higaisa

Score: 4.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32

APT19

Score: 4.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.012 - Hypervisor CLI

Threat Group-3390

Score: 12.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

TA2541

Score: 10.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources

Malteiro

Score: 5.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System

Storm-1811

Score: 8.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 12.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1045 - Software Packing
  • T1505 - Server Software Component
  • T1001.001 - Junk Data

Tropic Trooper

Score: 12.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Contagious Interview

Score: 39.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1562.010 - Downgrade Attack
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1547.008 - LSASS Driver

Moses Staff

Score: 6.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding

TeamTNT

Score: 18.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources

Metador

Score: 4.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 30.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1547.008 - LSASS Driver

APT32

Score: 15.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Moonstone Sleet

Score: 19.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Andariel

Score: 13.41
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 4.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI

APT29

Score: 30.43
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1024 - Custom Cryptographic Protocol
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Dragonfly

Score: 24.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Ember Bear

Score: 15.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1003.003 - NTDS

Silent Librarian

Score: 15.69
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

LuminousMoth

Score: 14.82
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet

BlackTech

Score: 4.65
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1218.010 - Regsvr32

Axiom

Score: 11.81
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 25.34
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent

Indrik Spider

Score: 12.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Sandworm Team

Score: 39.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1557.003 - DHCP Spoofing
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash

Salt Typhoon

Score: 8.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding

Aoqin Dragon

Score: 4.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

FIN7

Score: 30.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1564.002 - Hidden Users
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1065 - Uncommonly Used Port

Scattered Spider

Score: 38.05
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1218.005 - Mshta
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits

Storm-0501

Score: 10.32
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information

ZIRCONIUM

Score: 6.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System

Star Blizzard

Score: 14.43
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking

CURIUM

Score: 15.94
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1557.003 - DHCP Spoofing
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Patchwork

Score: 9.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

admin@338

Score: 5.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

Rocke

Score: 9.14
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources

Velvet Ant

Score: 8.88
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources

Strider

Score: 4.13
Matched TTPs:
  • T1574.014 - AppDomainManager

Gorgon Group

Score: 3.36
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources

APT38

Score: 17.07
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution

Molerats

Score: 3.62
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System

Gamaredon Group

Score: 18.78
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources

Winter Vivern

Score: 8.25
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

BlackByte

Score: 19.42
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.010 - Downgrade Attack
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Cinnamon Tempest

Score: 5.33
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

LAPSUS$

Score: 36.38
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1132.002 - Non-Standard Encoding
  • T1588.005 - Exploits

Mustard Tempest

Score: 7.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI

LazyScripter

Score: 6.77
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid

SideCopy

Score: 10.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent

EXOTIC LILY

Score: 14.64
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

APT42

Score: 14.07
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1132.002 - Non-Standard Encoding

Cobalt Group

Score: 5.63
Matched TTPs:
  • T1518.002 - Backup Software Discovery
  • T1218.010 - Regsvr32

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking

Medusa Group

Score: 15.11
Matched TTPs:
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1216 - System Script Proxy Execution

Leafminer

Score: 9.66
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI

APT37

Score: 8.93
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver

FIN6

Score: 11.64
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1547.008 - LSASS Driver

TA551

Score: 4.86
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Windigo

Score: 8.15
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

Confucius

Score: 5.13
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

Volatile Cedar

Score: 4.13
Matched TTPs:
  • T1002 - Data Compressed

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Windshift

Score: 7.03
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1024 - Custom Cryptographic Protocol
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1560.001 - Archive via Utility
  • T1183 - Image File Execution Options Injection
  • T1003.003 - NTDS
  • T1557.003 - DHCP Spoofing
  • T1041 - Exfiltration Over C2 Channel
  • T1037 - Boot or Logon Initialization Scripts
  • T1132.002 - Non-Standard Encoding
  • T1690 - Prevent Command History Logging
  • T1566.002 - Spearphishing Link
  • T1055.014 - VDSO Hijacking
  • T1562.012 - Disable or Modify Linux Audit System
  • T1656 - Impersonation

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

