Trusted Design

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Summary

A new phishing campaign is targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. The attackers employ Cloudflare Turnstile to evade detection and create convincing lookalike pages impersonating TikTok for Business or Google Careers. Victims are tricked into clicking malicious links, leading to credential theft. The campaign aims to seize control of business accounts, which can be used for malvertising and malware distribution. Multiple domains are involved in hosting the phishing pages. Additionally, a separate campaign using SVG file attachments to deliver malware has been observed in Venezuela, with potential links to BianLian ransomware activity.

Created: 2026-03-27

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Contagious Interview

Score: 39.83
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1585 - Establish Accounts
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service

Ember Bear

Score: 32.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1585 - Establish Accounts
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits

Sandworm Team

Score: 40.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution

Volt Typhoon

Score: 27.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1591 - Gather Victim Org Information
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1591.004 - Identify Roles

APT28

Score: 34.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise

ZIRCONIUM

Score: 16.59
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information

Leviathan

Score: 30.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Mustard Tempest

Score: 16.04
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1584.001 - Domains

Daggerfly

Score: 4.36
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1189 - Drive-by Compromise

GALLIUM

Score: 7.25
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts

APT29

Score: 37.12
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

FIN13

Score: 15.01
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token

Dragonfly

Score: 37.60
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1187 - Forced Authentication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Ke3chang

Score: 12.77
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1078 - Valid Accounts

Agrius

Score: 7.62
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools

APT41

Score: 27.24
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories

APT5

Score: 9.67
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell

menuPass

Score: 7.00
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1078 - Valid Accounts

Threat Group-3390

Score: 23.26
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Wizard Spider

Score: 14.09
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts

Silent Librarian

Score: 14.82
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1078 - Valid Accounts

Kimsuky

Score: 75.22
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1593.002 - Search Engines
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1588.005 - Exploits
  • T1584.001 - Domains

EXOTIC LILY

Score: 18.37
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services

Sea Turtle

Score: 24.57
Matched TTPs:
  • T1583.002 - DNS Server
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Axiom

Score: 19.09
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

HEXANE

Score: 19.53
Matched TTPs:
  • T1583.002 - DNS Server
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1591.004 - Identify Roles

Scattered Spider

Score: 62.35
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1136 - Create Account
  • T1538 - Cloud Service Dashboard

Storm-0501

Score: 18.44
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies

BlackTech

Score: 7.85
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution

MuddyWater

Score: 16.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

LuminousMoth

Score: 12.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target

Confucius

Score: 7.29
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution

Sidewinder

Score: 11.36
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 4.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise

FIN7

Score: 30.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1591.004 - Identify Roles

Transparent Tribe

Score: 12.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.001 - Domains

Mustang Panda

Score: 27.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1203 - Exploitation for Client Execution

FIN8

Score: 7.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact

APT32

Score: 21.90
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

APT3

Score: 8.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1546.008 - Accessibility Features
  • T1552.001 - Credentials In Files
  • T1203 - Exploitation for Client Execution

APT1

Score: 10.99
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1588.001 - Malware
  • T1584.001 - Domains

Lazarus Group

Score: 28.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

APT33

Score: 8.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

Magic Hound

Score: 40.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
  • T1584.001 - Domains

OilRig

Score: 25.90
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1556.002 - Password Filter DLL
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

Windshift

Score: 5.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Cobalt Group

Score: 5.04
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

TA2541

Score: 13.55
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools

Earth Lusca

Score: 18.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise

RedCurl

Score: 3.97
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.001 - Credentials In Files

Storm-1811

Score: 15.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service

Turla

Score: 19.33
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise

TA577

Score: 4.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts

Patchwork

Score: 7.16
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

TA505

Score: 14.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

LazyScripter

Score: 11.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services

APT42

Score: 16.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1656 - Impersonation

APT39

Score: 6.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts

TeamTNT

Score: 17.91
Matched TTPs:
  • T1070.002 - Clear Linux or Mac System Logs
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks

Salt Typhoon

Score: 15.82
Matched TTPs:
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1136 - Create Account

Rocke

Score: 12.85
Matched TTPs:
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery

Star Blizzard

Score: 19.23
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts

Moonstone Sleet

Score: 22.35
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service

CURIUM

Score: 21.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

HAFNIUM

Score: 13.71
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation

Strider

Score: 4.13
Matched TTPs:
  • T1556.002 - Password Filter DLL

LAPSUS$

Score: 37.22
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1589.001 - Credentials
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories

IndigoZebra

Score: 6.20
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1583.006 - Web Services

Gamaredon Group

Score: 23.25
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1583.003 - Virtual Private Server
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery

SideCopy

Score: 11.22
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1584.001 - Domains

BlackByte

Score: 25.71
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact

BITTER

Score: 10.70
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 10.31
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation

BackdoorDiplomacy

Score: 5.69
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing

Medusa Group

Score: 26.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access

Fox Kitten

Score: 13.91
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts

Cinnamon Tempest

Score: 5.42
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1078 - Valid Accounts

ToddyCat

Score: 6.33
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1134 - Access Token Manipulation

Winter Vivern

Score: 15.44
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 12.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact

UNC3886

Score: 13.08
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

Moses Staff

Score: 5.58
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell

Play

Score: 7.21
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts

Akira

Score: 12.62
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact

APT38

Score: 18.41
Matched TTPs:
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise

Ferocious Kitten

Score: 4.96
Matched TTPs:
  • T1583.001 - Domains
  • T1036.002 - Right-to-Left Override

MoustachedBouncer

Score: 6.63
Matched TTPs:
  • T1659 - Content Injection
  • T1068 - Exploitation for Privilege Escalation

Carbanak

Score: 3.77
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts

Velvet Ant

Score: 4.14
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features

Tropic Trooper

Score: 6.88
Matched TTPs:
  • T1505.003 - Web Shell
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Tonto Team

Score: 5.35
Matched TTPs:
  • T1505.003 - Web Shell
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

Indrik Spider

Score: 14.22
Matched TTPs:
  • T1585.002 - Email Accounts
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1136 - Create Account

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

BRONZE BUTLER

Score: 8.50
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Aquatic Panda

Score: 4.26
Matched TTPs:
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools

Andariel

Score: 9.56
Matched TTPs:
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Leafminer

Score: 4.29
Matched TTPs:
  • T1552.001 - Credentials In Files
  • T1189 - Drive-by Compromise

Inception

Score: 3.83
Matched TTPs:
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts

POLONIUM

Score: 3.44
Matched TTPs:
  • T1583.006 - Web Services
  • T1078 - Valid Accounts

FIN6

Score: 11.69
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1134 - Access Token Manipulation
  • T1566.003 - Spearphishing via Service

Chimera

Score: 9.40
Matched TTPs:
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1556.001 - Domain Controller Authentication

PLATINUM

Score: 8.40
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1187 - Forced Authentication

APT37

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Darkhotel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Lotus Blossom

Score: 3.84
Matched TTPs:
  • T1134 - Access Token Manipulation

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1657 - Financial Theft
  • T1552.001 - Credentials In Files
  • T1566 - Phishing
  • T1598.003 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1593.002 - Search Engines
  • T1598 - Phishing for Information
  • T1594 - Search Victim-Owned Websites
  • T1505.003 - Web Shell
  • T1593 - Search Open Websites/Domains
  • T1583.001 - Domains
  • T1608.001 - Upload Malware
  • T1585 - Establish Accounts
  • T1593.001 - Social Media
  • T1591 - Gather Victim Org Information
  • T1584.001 - Domains
  • T1071.002 - File Transfer Protocols
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1656 - Impersonation
  • T1190 - Exploit Public-Facing Application
  • T1534 - Internal Spearphishing
  • T1588.005 - Exploits
  • T1586.002 - Email Accounts
  • T1585.002 - Email Accounts
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools

Scattered Spider

Score: 0.58
Matched TTPs:
  • T1538 - Cloud Service Dashboard
  • T1657 - Financial Theft
  • T1552.001 - Credentials In Files
  • T1598.003 - Spearphishing Link
  • T1598 - Phishing for Information
  • T1484.002 - Trust Modification
  • T1213.003 - Code Repositories
  • T1588.001 - Malware
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1583.001 - Domains
  • T1556.009 - Conditional Access Policies
  • T1021.007 - Cloud Services
  • T1656 - Impersonation
  • T1136 - Create Account
  • T1204 - User Execution
  • T1598.004 - Spearphishing Voice
  • T1070.008 - Clear Mailbox Data
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

