Trusted Design

Inside Keitaro Abuse Part 2: One Platform, Many Threats

概要

This analysis examines how threat actors abuse Keitaro, an advertising performance tracker, for various malicious purposes. The report covers a wide range of threats, including malware delivery, phishing, scams, and illegal content distribution. Key findings include the use of Keitaro for cloaking and traffic distribution in malvertising campaigns, spam operations leveraging Keitaro for cryptocurrency wallet draining, and the abuse of Keitaro in investment scams. The report also highlights specific threat actors and their tactics, such as domain hijacking for adult content delivery and the use of fake arrests as clickbait for investment scams. Overall, the analysis demonstrates how Keitaro's features make it attractive to cybercriminals seeking to maximize their reach with minimal effort.

Created: 2026-04-26

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Dragonfly

Score: 31.65
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

BRONZE BUTLER

Score: 7.39
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Gamaredon Group

Score: 26.32
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1059.013 - Container CLI/API
MITREへのリンク →

OilRig

Score: 18.51
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT28

Score: 20.31
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1548.006 - TCC Manipulation
MITREへのリンク →

MoustachedBouncer

Score: 4.38
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.69
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

APT42

Score: 6.78
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
MITREへのリンク →

Magic Hound

Score: 26.63
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

MuddyWater

Score: 13.25
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
MITREへのリンク →

Winter Vivern

Score: 9.14
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Silence

Score: 7.71
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Volt Typhoon

Score: 31.55
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
MITREへのリンク →

APT39

Score: 6.72
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Kimsuky

Score: 34.91
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1003.003 - NTDS
MITREへのリンク →

Dark Caracal

Score: 6.58
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN7

Score: 30.64
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Contagious Interview

Score: 17.60
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 10.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

GALLIUM

Score: 12.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT29

Score: 24.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1223 - Compiled HTML File
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 15.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ke3chang

Score: 14.95
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Agrius

Score: 7.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT41

Score: 30.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1002 - Data Compressed
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
MITREへのリンク →

APT5

Score: 12.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 14.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Threat Group-3390

Score: 20.56
Matched TTPs:
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Wizard Spider

Score: 16.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ember Bear

Score: 14.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS
MITREへのリンク →

Sea Turtle

Score: 14.49
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API
MITREへのリンク →

Axiom

Score: 11.79
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HEXANE

Score: 23.11
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
MITREへのリンク →

Scattered Spider

Score: 33.17
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Storm-0501

Score: 10.69
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Sidewinder

Score: 8.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

Mustang Panda

Score: 24.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1136.003 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Sandworm Team

Score: 26.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

ZIRCONIUM

Score: 7.99
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
MITREへのリンク →

APT32

Score: 30.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Star Blizzard

Score: 12.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

Moonstone Sleet

Score: 15.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

CURIUM

Score: 13.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 4.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HAFNIUM

Score: 13.96
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Transparent Tribe

Score: 4.80
Matched TTPs:
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

LuminousMoth

Score: 11.89
Matched TTPs:
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
MITREへのリンク →

Mustard Tempest

Score: 6.77
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Rocke

Score: 16.73
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
MITREへのリンク →

INC Ransom

Score: 12.21
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Velvet Ant

Score: 11.77
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

TeamTNT

Score: 13.81
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

Turla

Score: 21.67
Matched TTPs:
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Aoqin Dragon

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
MITREへのリンク →

Darkhotel

Score: 4.80
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Tropic Trooper

Score: 8.90
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
MITREへのリンク →

TA2541

Score: 8.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
MITREへのリンク →

Earth Lusca

Score: 14.45
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

LazyScripter

Score: 6.84
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

TA505

Score: 6.11
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

BlackByte

Score: 21.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

BITTER

Score: 6.73
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 3.77
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
MITREへのリンク →

EXOTIC LILY

Score: 10.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
MITREへのリンク →

BackdoorDiplomacy

Score: 5.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Medusa Group

Score: 17.79
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Fox Kitten

Score: 12.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1612 - Build Image on Host
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

ToddyCat

Score: 12.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Leviathan

Score: 11.03
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
MITREへのリンク →

UNC3886

Score: 11.79
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

Play

Score: 6.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Salt Typhoon

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT38

Score: 22.60
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Cobalt Group

Score: 10.23
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
MITREへのリンク →

APT37

Score: 4.22
Matched TTPs:
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

PLATINUM

Score: 8.99
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Lazarus Group

Score: 21.06
Matched TTPs:
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

LAPSUS$

Score: 24.52
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1137.004 - Outlook Home Page
  • T1065 - Uncommonly Used Port
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT3

Score: 9.23
Matched TTPs:
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
MITREへのリンク →

Deep Panda

Score: 7.57
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
  • T1134 - Access Token Manipulation
MITREへのリンク →

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Lotus Blossom

Score: 3.28
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
MITREへのリンク →

Chimera

Score: 7.04
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Inception

Score: 7.61
Matched TTPs:
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
MITREへのリンク →

FIN6

Score: 16.91
Matched TTPs:
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN8

Score: 9.93
Matched TTPs:
  • T1612 - Build Image on Host
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

TA551

Score: 5.09
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Indrik Spider

Score: 7.10
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT33

Score: 3.52
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Storm-1811

Score: 4.86
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT19

Score: 4.51
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Windshift

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Leafminer

Score: 3.31
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1055.014 - VDSO Hijacking
  • T1009 - Binary Padding
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.002 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1003.003 - NTDS
  • T1690 - Prevent Command History Logging
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1197 - BITS Jobs
  • T1597 - Search Closed Sources
  • T1218.012 - Verclsid
MITREへのリンク →

Scattered Spider

Score: 0.67
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1134 - Access Token Manipulation
  • T1039 - Data from Network Shared Drive
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1027.002 - Software Packing
  • T1548.006 - TCC Manipulation
  • T1197 - BITS Jobs
  • T1019 - System Firmware
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Dragonfly

Score: 0.63
Matched TTPs:
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
  • T1193 - Spearphishing Attachment
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.002 - Spearphishing Link
  • T1573 - Encrypted Channel
  • T1009 - Binary Padding
  • T1548.006 - TCC Manipulation
  • T1115 - Clipboard Data
  • T1134 - Access Token Manipulation
MITREへのリンク →

Volt Typhoon

Score: 0.63
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1065 - Uncommonly Used Port
  • T1070.006 - Timestomp
  • T1039 - Data from Network Shared Drive
  • T1574.002 - DLL Side-Loading
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1176 - Software Extensions
  • T1055.004 - Asynchronous Procedure Call
  • T1548.006 - TCC Manipulation
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT32

Score: 0.62
Matched TTPs:
  • T1612 - Build Image on Host
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1039 - Data from Network Shared Drive
  • T1566.002 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1091 - Replication Through Removable Media
  • T1115 - Clipboard Data
  • T1684 - Social Engineering
  • T1174 - Password Filter DLL
  • T1218.012 - Verclsid
MITREへのリンク →

FIN7

Score: 0.61
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1065 - Uncommonly Used Port
  • T1027 - Obfuscated Files or Information
  • T1058 - Service Registry Permissions Weakness
  • T1009 - Binary Padding
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1091 - Replication Through Removable Media
  • T1115 - Clipboard Data
  • T1584.005 - Botnet
  • T1218.012 - Verclsid
MITREへのリンク →

APT41

Score: 0.61
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1584.008 - Network Devices
  • T1002 - Data Compressed
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1055.004 - Asynchronous Procedure Call
  • T1548.006 - TCC Manipulation
  • T1684 - Social Engineering
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る