Trusted Design

AI Infrastructure Supply Chain Poisoning Alert

Summary

A supply chain poisoning attack on LiteLLM, a popular AI model gateway, was detected by NSFOCUS Technology CERT. The TeamPCP group compromised the Trivy security scanning tool used in LiteLLM's release process, allowing them to publish malicious versions 1.82.7 and 1.82.8 on PyPI. These versions contained credential-stealing programs that collected sensitive data and, if a Kubernetes cluster was detected, deployed privileged Pods and implanted persistent backdoors. The attack impacted numerous dependent packages and potentially affected millions of users. The incident highlights the growing risks in AI infrastructure and the need for robust supply chain security measures.

Created: 2026-03-27

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 39.08
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1588.004 - Digital Certificates
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1070 - Indicator Removal
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1588.002 - Tool
  • T1518 - Software Discovery

Kimsuky

Score: 39.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1218.005 - Mshta
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1588.005 - Exploits

Sea Turtle

Score: 32.08
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1588.004 - Digital Certificates
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery

Ember Bear

Score: 36.86
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1078.001 - Default Accounts
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits

Indrik Spider

Score: 15.52
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server

Agrius

Score: 10.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 35.86
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1593.003 - Code Repositories
  • T1204.005 - Malicious Library
  • T1497 - Virtualization/Sandbox Evasion
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools

Sandworm Team

Score: 50.77
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1584.004 - Server

Star Blizzard

Score: 17.15
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool

Akira

Score: 13.10
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

HAFNIUM

Score: 22.67
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1593.003 - Code Repositories
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1068 - Exploitation for Privilege Escalation

LAPSUS$

Score: 39.84
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories

Chimera

Score: 7.01
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool

APT28

Score: 30.66
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1542.003 - Bootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1528 - Steal Application Access Token
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1211 - Exploitation for Defense Evasion

Ke3chang

Score: 17.01
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool

Daggerfly

Score: 11.64
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1584.004 - Server

GALLIUM

Score: 11.70
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities

APT29

Score: 37.21
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1528 - Steal Application Access Token
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1027.006 - HTML Smuggling

FIN13

Score: 26.86
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1078.001 - Default Accounts
  • T1049 - System Network Connections Discovery
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
  • T1565 - Data Manipulation

Dragonfly

Score: 27.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1584.004 - Server

APT41

Score: 33.83
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1542.003 - Bootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1595.003 - Wordlist Scanning
  • T1213.003 - Code Repositories

APT5

Score: 16.17
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1070 - Indicator Removal
  • T1049 - System Network Connections Discovery

menuPass

Score: 16.56
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities

Threat Group-3390

Score: 25.03
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain

Wizard Spider

Score: 16.71
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Silent Librarian

Score: 12.59
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1588.002 - Tool

Lazarus Group

Score: 35.16
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1542.003 - Bootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1070 - Indicator Removal
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1491.001 - Internal Defacement
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1584.004 - Server

UNC3886

Score: 27.70
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1078.001 - Default Accounts
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation

LuminousMoth

Score: 15.51
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1588.002 - Tool

BlackTech

Score: 5.47
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Axiom

Score: 16.76
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1553 - Subvert Trust Controls

HEXANE

Score: 25.66
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery

TeamTNT

Score: 25.27
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1049 - System Network Connections Discovery
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks

Gamaredon Group

Score: 24.52
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1491.001 - Internal Defacement
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery

Volt Typhoon

Score: 34.43
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1518 - Software Discovery

BRONZE BUTLER

Score: 6.53
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518 - Software Discovery

TA2541

Score: 12.45
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

APT42

Score: 13.82
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery

Storm-1811

Score: 4.33
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact

FIN7

Score: 27.69
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1591.004 - Identify Roles

Mustard Tempest

Score: 3.11
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware

MuddyWater

Score: 26.53
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Patchwork

Score: 8.40
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery

Earth Lusca

Score: 21.16
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1584.004 - Server

BackdoorDiplomacy

Score: 9.41
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool

RedCurl

Score: 12.16
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture

Naikon

Score: 3.04
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1518.001 - Security Software Discovery

Aquatic Panda

Score: 8.14
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

APT32

Score: 20.57
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1036.003 - Rename Legitimate Utilities

Tropic Trooper

Score: 12.90
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Magic Hound

Score: 41.56
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1016.002 - Wi-Fi Discovery
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1078.001 - Default Accounts
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1591.001 - Determine Physical Locations

INC Ransom

Score: 9.33
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

Whitefly

Score: 4.08
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation

OilRig

Score: 27.87
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1137.004 - Outlook Home Page

Carbanak

Score: 4.33
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool

Darkhotel

Score: 10.32
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1497 - Virtualization/Sandbox Evasion
  • T1518.001 - Security Software Discovery

APT1

Score: 8.47
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1585.002 - Email Accounts
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool

Blue Mockingbird

Score: 10.92
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1134 - Access Token Manipulation

Sidewinder

Score: 14.20
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1598.003 - Spearphishing Link
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

APT39

Score: 5.22
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool

Velvet Ant

Score: 11.14
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1211 - Exploitation for Defense Evasion

Fox Kitten

Score: 10.40
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1210 - Exploitation of Remote Services

ToddyCat

Score: 8.58
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1518.001 - Security Software Discovery

SideCopy

Score: 13.72
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Turla

Score: 28.28
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1584.003 - Virtual Private Server
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1518.001 - Security Software Discovery
  • T1584.004 - Server

Rocke

Score: 15.89
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery

Moonstone Sleet

Score: 14.08
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain

Salt Typhoon

Score: 6.76
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool

Play

Score: 8.11
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Moses Staff

Score: 8.52
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool

FIN6

Score: 14.26
Matched TTPs:
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1134 - Access Token Manipulation

Evilnum

Score: 3.44
Matched TTPs:
  • T1497.001 - System Checks

Scattered Spider

Score: 27.44
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard

ZIRCONIUM

Score: 6.61
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1068 - Exploitation for Privilege Escalation

CURIUM

Score: 10.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services

BlackByte

Score: 27.79
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery

LazyScripter

Score: 6.77
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta

TA505

Score: 11.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

BITTER

Score: 8.54
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel

Saint Bear

Score: 7.61
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1497 - Virtualization/Sandbox Evasion
  • T1562.001 - Disable or Modify Tools

EXOTIC LILY

Score: 4.26
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts

GOLD SOUTHFIELD

Score: 7.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1195.002 - Compromise Software Supply Chain

Medusa Group

Score: 23.42
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access

Storm-0501

Score: 5.71
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery

Winter Vivern

Score: 5.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.006 - Web Services

Leviathan

Score: 11.98
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1584.004 - Server

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning

Cobalt Group

Score: 11.90
Matched TTPs:
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1518.001 - Security Software Discovery

APT38

Score: 18.35
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery

Malteiro

Score: 3.95
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1518.001 - Security Software Discovery

APT3

Score: 7.07
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery

APT33

Score: 5.00
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation

Inception

Score: 7.99
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1518 - Software Discovery

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features

Tonto Team

Score: 6.61
Matched TTPs:
  • T1505.003 - Web Shell
  • T1210 - Exploitation of Remote Services
  • T1068 - Exploitation for Privilege Escalation

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Andariel

Score: 4.19
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery

Equation

Score: 4.54
Matched TTPs:
  • T1542.002 - Component Firmware

Lotus Blossom

Score: 6.43
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation

POLONIUM

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.002 - Tool

FIN4

Score: 4.13
Matched TTPs:
  • T1056.002 - GUI Input Capture

FIN8

Score: 7.18
Matched TTPs:
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery

Windshift

Score: 4.65
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1195 - Supply Chain Compromise
  • T1486 - Data Encrypted for Impact
  • T1213.006 - Databases
  • T1505.003 - Web Shell
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1199 - Trusted Relationship
  • T1195.002 - Compromise Software Supply Chain
  • T1584.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1598.003 - Spearphishing Link
  • T1491.002 - External Defacement
  • T1591.002 - Business Relationships
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1585.002 - Email Accounts
  • T1583 - Acquire Infrastructure
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1608.001 - Upload Malware

Magic Hound

Score: 0.57
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1049 - System Network Connections Discovery
  • T1562 - Impair Defenses
  • T1486 - Data Encrypted for Impact
  • T1016.002 - Wi-Fi Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1591.001 - Determine Physical Locations
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1078.001 - Default Accounts
  • T1573 - Encrypted Channel
  • T1585.002 - Email Accounts

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

