Trusted Design

ClickFix Campaigns Targeting Windows and macOS

概要

Insikt Group identified five distinct clusters using the ClickFix social engineering technique for initial access. These clusters impersonate various services like Intuit QuickBooks and Booking.com, demonstrating operational variance but similar core techniques. ClickFix manipulates victims into executing malicious commands within native system tools, bypassing traditional security controls. The methodology has become a standardized template for cybercriminals and APT groups. Campaigns target diverse sectors and use sophisticated obfuscation and living-off-the-land tactics. Defenders are advised to implement aggressive behavioral hardening and user awareness training to mitigate these threats.

Created: 2026-04-25

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Contagious Interview

Score: 30.16
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1016 - System Network Configuration Discovery
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 9.00
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

GALLIUM

Score: 12.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT29

Score: 24.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 15.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Dragonfly

Score: 24.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Ke3chang

Score: 12.61
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Agrius

Score: 7.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT41

Score: 19.46
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT5

Score: 12.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 14.34
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
MITREへのリンク →

Threat Group-3390

Score: 15.54
Matched TTPs:
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Wizard Spider

Score: 19.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ember Bear

Score: 14.97
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS
MITREへのリンク →

Sea Turtle

Score: 14.90
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
MITREへのリンク →

Axiom

Score: 8.50
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HEXANE

Score: 21.54
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Scattered Spider

Score: 43.08
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
MITREへのリンク →

Storm-0501

Score: 10.47
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Sidewinder

Score: 9.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustang Panda

Score: 24.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1136.003 - Cloud Account
  • T1567.002 - Exfiltration to Cloud Storage
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 23.18
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

ZIRCONIUM

Score: 9.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 28.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 38.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
MITREへのリンク →

Magic Hound

Score: 22.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT28

Score: 22.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 12.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

Moonstone Sleet

Score: 16.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

CURIUM

Score: 13.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 7.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

HAFNIUM

Score: 10.70
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1210 - Exploitation of Remote Services
  • T1134 - Access Token Manipulation
MITREへのリンク →

Transparent Tribe

Score: 6.16
Matched TTPs:
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LuminousMoth

Score: 13.25
Matched TTPs:
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 26.45
Matched TTPs:
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 8.13
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

OilRig

Score: 25.70
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

Medusa Group

Score: 20.26
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

Higaisa

Score: 6.13
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

Lazarus Group

Score: 34.32
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Gorgon Group

Score: 4.08
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1597 - Search Closed Sources
MITREへのリンク →

Turla

Score: 24.32
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Chimera

Score: 11.53
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
MITREへのリンク →

BlackTech

Score: 5.12
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 10.22
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

Tropic Trooper

Score: 11.19
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
MITREへのリンク →

ToddyCat

Score: 11.90
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT37

Score: 8.56
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Gamaredon Group

Score: 22.49
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT38

Score: 26.25
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA505

Score: 11.81
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silence

Score: 7.71
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

UNC3886

Score: 11.16
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
MITREへのリンク →

Volt Typhoon

Score: 26.55
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Aoqin Dragon

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
MITREへのリンク →

Darkhotel

Score: 4.80
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

TA2541

Score: 9.93
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 15.81
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 7.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

LazyScripter

Score: 5.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackByte

Score: 19.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

Saint Bear

Score: 5.13
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

EXOTIC LILY

Score: 5.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 8.16
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
MITREへのリンク →

Rocke

Score: 10.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
MITREへのリンク →

BackdoorDiplomacy

Score: 3.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Fox Kitten

Score: 7.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
MITREへのリンク →

Cinnamon Tempest

Score: 5.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
MITREへのリンク →

Blue Mockingbird

Score: 5.31
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505 - Server Software Component
MITREへのリンク →

Winter Vivern

Score: 8.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 9.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

INC Ransom

Score: 11.29
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

Play

Score: 8.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

MuddyWater

Score: 14.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

APT39

Score: 5.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 3.82
Matched TTPs:
  • T1684 - Social Engineering
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

PLATINUM

Score: 4.22
Matched TTPs:
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

LAPSUS$

Score: 14.38
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
MITREへのリンク →

Malteiro

Score: 4.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
MITREへのリンク →

APT3

Score: 6.69
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 4.84
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Stealth Falcon

Score: 5.67
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Leafminer

Score: 9.90
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Molerats

Score: 3.41
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
MITREへのリンク →

Inception

Score: 4.39
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
MITREへのリンク →

RedCurl

Score: 3.41
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN6

Score: 13.18
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

BRONZE BUTLER

Score: 8.95
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Lotus Blossom

Score: 7.12
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
MITREへのリンク →

Confucius

Score: 3.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Akira

Score: 9.63
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Indrik Spider

Score: 7.10
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

FIN8

Score: 6.67
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

Storm-1811

Score: 4.86
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

Windshift

Score: 5.65
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1552.003 - Shell History
  • T1564.003 - Hidden Window
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing
  • T1210 - Exploitation of Remote Services
  • T1566.002 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1019 - System Firmware
  • T1583.001 - Domains
  • T1597 - Search Closed Sources
  • T1547.005 - Security Support Provider
MITREへのリンク →

Kimsuky

Score: 0.63
Matched TTPs:
  • T1009 - Binary Padding
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1597 - Search Closed Sources
  • T1218.012 - Verclsid
  • T1684 - Social Engineering
  • T1656 - Impersonation
  • T1055.014 - VDSO Hijacking
  • T1057 - Process Discovery
  • T1003.003 - NTDS
MITREへのリンク →

Lazarus Group

Score: 0.56
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
  • T1210 - Exploitation of Remote Services
  • T1059.012 - Hypervisor CLI
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1590.003 - Network Trust Dependencies
  • T1218.012 - Verclsid
  • T1567.002 - Exfiltration to Cloud Storage
  • T1070.006 - Timestomp
  • T1547.008 - LSASS Driver
  • T1057 - Process Discovery
  • T1174 - Password Filter DLL
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る