Trusted Design

Copyright Lures Mask a Multi-Stage PureLog Stealer Attack on Key Industries

Overview

A sophisticated malware campaign delivering PureLog Stealer has been identified, targeting the healthcare, government, hospitality, and education sectors in multiple countries. The attack uses localized copyright-violation lures to trick victims into executing a multi-stage infection chain. The malware relies on encrypted payloads, remote key retrieval, and fileless execution to evade detection: a Python-based loader and two .NET loaders run PureLog Stealer entirely in memory. The campaign also incorporates an AMSI bypass, registry persistence, screenshot capture, and victim fingerprinting for stealth and intelligence gathering. Evidence confirms communication with PureLog-associated infrastructure.

Created: 2026-04-19

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Dragonfly

Score: 18.59
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

BRONZE BUTLER

Score: 13.35
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1134 - Access Token Manipulation
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Gamaredon Group

Score: 25.32
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
Link to MITRE →

OilRig

Score: 26.70
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

APT28

Score: 26.64
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1588.003 - Code Signing Certificates
  • T1027.018 - Invisible Unicode
Link to MITRE →

GOLD SOUTHFIELD

Score: 3.76
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

APT42

Score: 20.93
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

Magic Hound

Score: 28.55
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

MuddyWater

Score: 22.99
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
Link to MITRE →

Winter Vivern

Score: 10.71
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silence

Score: 8.56
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Volt Typhoon

Score: 26.97
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
Link to MITRE →

Group5

Score: 4.22
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
Link to MITRE →

APT39

Score: 16.69
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1599 - Network Boundary Bridging
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Kimsuky

Score: 41.19
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
Link to MITRE →

Dark Caracal

Score: 4.81
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN7

Score: 23.26
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT38

Score: 24.98
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ajax Security Team

Score: 4.46
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1547.008 - LSASS Driver
Link to MITRE →

Darkhotel

Score: 4.97
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1058 - Service Registry Permissions Weakness
Link to MITRE →

menuPass

Score: 14.83
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
Link to MITRE →

APT5

Score: 14.04
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Threat Group-3390

Score: 17.37
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Lazarus Group

Score: 25.64
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1016.001 - Internet Connection Discovery
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.008 - LSASS Driver
Link to MITRE →

PLATINUM

Score: 4.39
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1684 - Social Engineering
Link to MITRE →

FIN4

Score: 4.72
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sandworm Team

Score: 25.89
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

HEXANE

Score: 17.79
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
Link to MITRE →

APT32

Score: 24.66
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT3

Score: 14.35
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN13

Score: 17.98
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
Link to MITRE →

Ke3chang

Score: 17.37
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

APT41

Score: 34.78
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Contagious Interview

Score: 17.30
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN6

Score: 11.29
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

CopyKittens

Score: 4.00
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
Link to MITRE →

Mustang Panda

Score: 26.84
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1136.003 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

UNC3886

Score: 14.03
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
Link to MITRE →

Lotus Blossom

Score: 7.28
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
Link to MITRE →

Mustard Tempest

Score: 7.87
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
Link to MITRE →

Daggerfly

Score: 7.24
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode
Link to MITRE →

GALLIUM

Score: 17.62
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
Link to MITRE →

APT29

Score: 24.00
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Agrius

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
Link to MITRE →

Wizard Spider

Score: 30.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ember Bear

Score: 12.67
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
Link to MITRE →

Sea Turtle

Score: 11.21
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.013 - Container CLI/API
Link to MITRE →

Axiom

Score: 10.02
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
Link to MITRE →

Scattered Spider

Score: 35.47
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
Link to MITRE →

Storm-0501

Score: 7.94
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Sidewinder

Score: 9.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silent Librarian

Score: 10.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

ZIRCONIUM

Score: 5.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode
Link to MITRE →

Star Blizzard

Score: 12.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Moonstone Sleet

Score: 11.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver
Link to MITRE →

CURIUM

Score: 12.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 4.67
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
Link to MITRE →

Earth Lusca

Score: 22.46
Matched TTPs:
  • T1499.004 - Application or System Exploitation
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1562.011 - Spoof Security Alerting
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

HAFNIUM

Score: 6.86
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
Link to MITRE →

Turla

Score: 21.12
Matched TTPs:
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

LuminousMoth

Score: 13.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
Link to MITRE →

Aoqin Dragon

Score: 3.88
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1199 - Trusted Relationship
Link to MITRE →

Tropic Trooper

Score: 15.56
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

TA2541

Score: 10.78
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
Link to MITRE →

TeamTNT

Score: 10.37
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
Link to MITRE →

LazyScripter

Score: 5.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
Link to MITRE →

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
Link to MITRE →

TA505

Score: 10.84
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackByte

Score: 21.45
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

BITTER

Score: 6.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
Link to MITRE →

Saint Bear

Score: 5.13
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
Link to MITRE →

EXOTIC LILY

Score: 8.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Rocke

Score: 10.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
Link to MITRE →

BackdoorDiplomacy

Score: 4.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
Link to MITRE →

BlackTech

Score: 3.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
Link to MITRE →

Medusa Group

Score: 18.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Fox Kitten

Score: 10.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Cinnamon Tempest

Score: 3.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

ToddyCat

Score: 9.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Leviathan

Score: 19.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1562.011 - Spoof Security Alerting
  • T1027.018 - Invisible Unicode
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 13.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Moses Staff

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 7.08
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Salt Typhoon

Score: 9.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
Link to MITRE →

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Cobalt Group

Score: 4.67
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT37

Score: 5.49
Matched TTPs:
  • T1684 - Social Engineering
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
Link to MITRE →

Carbanak

Score: 4.61
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

APT1

Score: 7.62
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
Link to MITRE →

Indrik Spider

Score: 11.91
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

LAPSUS$

Score: 10.03
Matched TTPs:
  • T1019 - System Firmware
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
Link to MITRE →

Andariel

Score: 4.77
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

Chimera

Score: 18.43
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1132.002 - Non-Standard Encoding
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
Link to MITRE →

APT33

Score: 6.16
Matched TTPs:
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leafminer

Score: 4.91
Matched TTPs:
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
Link to MITRE →

RedCurl

Score: 3.88
Matched TTPs:
  • T1051 - Shared Webroot
  • T1027.018 - Invisible Unicode
Link to MITRE →

Inception

Score: 3.19
Matched TTPs:
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
Link to MITRE →

Confucius

Score: 5.67
Matched TTPs:
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA551

Score: 5.37
Matched TTPs:
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

Stealth Falcon

Score: 5.59
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Storm-1811

Score: 9.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN8

Score: 7.52
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN5

Score: 3.82
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Aquatic Panda

Score: 5.39
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
Link to MITRE →

APT18

Score: 5.27
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Windshift

Score: 3.88
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1016.001 - Internet Connection Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1596.003 - Digital Certificates
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1156 - Malicious Shell Modification
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
Link to MITRE →

Scattered Spider

Score: 0.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1019 - System Firmware
  • T1199 - Trusted Relationship
  • T1027.002 - Software Packing
  • T1134 - Access Token Manipulation
  • T1083 - File and Directory Discovery
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027 - Obfuscated Files or Information
  • T1583.001 - Domains
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
Link to MITRE →

APT41

Score: 0.59
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1199 - Trusted Relationship
  • T1002 - Data Compressed
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1684 - Social Engineering
  • T1584.008 - Network Devices
  • T1668 - Exclusive Control
  • T1596.003 - Digital Certificates
  • T1177 - LSASS Driver
  • T1037.001 - Logon Script (Windows)
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

