Trusted Design

Ringing in Chaos: How TeamPCP Weaponized the Telnyx Python SDK

Summary

TeamPCP uploaded malicious versions of the telnyx Python SDK to PyPI, compromising a package with 750,000 monthly downloads. The attack is staged in three steps: the trojanized package runs a platform-specific loader; the loader downloads a second-stage payload concealed in a WAV file by steganography; and that stage deploys a credential harvester. The harvester collects credentials from the host, encrypts them, and exfiltrates them to the attackers' C2 infrastructure. It runs on the major operating systems and spreads laterally through Kubernetes clusters. The incident is part of a broader TeamPCP supply-chain campaign that has hit multiple packages over nine days. Tooling observed in the campaign includes WAV and PNG steganography, hybrid encryption, Kubernetes lateral movement, and a full-featured Windows RAT with advanced evasion techniques.

Created: 2026-05-01
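The summary above says the second stage was hidden in a WAV file by steganography but gives no detail of the encoding. The following is an added example, not code from the original write-up, from Telnyx, or from TeamPCP: a triage checker a responder can run on a suspect audio file to find bytes the RIFF/WAVE container does not account for (a RIFF size that disagrees with the file size, a tail after the declared body, or a chunk with an unfamiliar FourCC) and to report the entropy of each such region, which tells the analyst whether to expect an encrypted blob or a plaintext script. The two carrier constructions used in `demo()` (an appended tail and a custom `xtra` chunk), the list of "known" chunk IDs, and the sample tone are all assumptions made to exercise the checker, not observed TeamPCP behaviour.

```python
"""Triage a WAV file for a stowaway payload.

Added example for this page; not TeamPCP, Telnyx, or write-up code. The
write-up does not describe the steganographic encoding, so this checker
looks for the generic ways a RIFF/WAVE container can carry foreign bytes
without breaking playback, and reports Shannon entropy per foreign region
(~8 bits/byte: encrypted/compressed; ~4-6: script or base64 text).
"""
import io
import math
import struct
import wave
from dataclasses import dataclass, field

# Chunk IDs that legitimately appear in WAV files (assumption: anything else is worth a look).
KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"bext",
                b"iXML", b"id3 ", b"smpl", b"inst", b"PEAK", b"JUNK"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_chunks(data: bytes):
    """Walk the RIFF chunk list. Returns ([(fourcc, payload_offset, size)], body_end),
    where body_end is where the header says the file should stop."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    body_end = 8 + struct.unpack_from("<I", data, 4)[0]
    chunks, pos = [], 12
    while pos + 8 <= min(body_end, len(data)):
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        chunks.append((fourcc, pos + 8, size))
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length
    return chunks, body_end


@dataclass
class Finding:
    size_mismatch: bool = False            # header claims more bytes than the file holds
    trailing_bytes: int = 0                # bytes after the declared RIFF body
    trailing_entropy: float = 0.0
    unknown_chunks: list = field(default_factory=list)  # (fourcc, size, entropy)

    @property
    def suspicious(self) -> bool:
        return self.size_mismatch or self.trailing_bytes > 0 or bool(self.unknown_chunks)


def triage_wav(data: bytes) -> Finding:
    chunks, body_end = parse_chunks(data)
    f = Finding(size_mismatch=body_end > len(data))
    if len(data) > body_end:
        tail = data[body_end:]
        f.trailing_bytes, f.trailing_entropy = len(tail), shannon_entropy(tail)
    for fourcc, off, size in chunks:
        if fourcc not in KNOWN_CHUNKS:
            f.unknown_chunks.append((fourcc, size, shannon_entropy(data[off:off + size])))
    return f


def build_clean_wav(seconds: float = 0.25, rate: int = 8000) -> bytes:
    """Constructed sample input: a mono 16-bit 440 Hz tone with nothing hidden."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        w.writeframes(b"".join(
            struct.pack("<h", int(12000 * math.sin(2 * math.pi * 440 * i / rate)))
            for i in range(int(seconds * rate))))
    return buf.getvalue()


def append_payload(wav: bytes, payload: bytes) -> bytes:
    """Constructed carrier #1 (assumption): payload appended after the RIFF body.
    Players stop at the declared size, so the file still plays normally."""
    return wav + payload


def add_chunk(wav: bytes, fourcc: bytes, payload: bytes) -> bytes:
    """Constructed carrier #2 (assumption): payload in a custom chunk, with the
    RIFF size patched so the container stays self-consistent."""
    chunk = fourcc + struct.pack("<I", len(payload)) + payload + b"\x00" * (len(payload) & 1)
    new_size = struct.unpack_from("<I", wav, 4)[0] + len(chunk)
    return wav[:4] + struct.pack("<I", new_size) + wav[8:] + chunk


def demo() -> dict:
    clean = build_clean_wav()
    blob = bytes(range(256)) * 16                              # stand-in for a 4 KiB encrypted blob
    script = b"print('constructed stage-2 stand-in')\n" * 40  # stand-in for a plaintext script
    return {
        "clean": triage_wav(clean),
        "appended": triage_wav(append_payload(clean, blob)),
        "chunk": triage_wav(add_chunk(clean, b"xtra", script)),
    }


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name:9s} suspicious={finding.suspicious} {finding}")
```

Run it on a real sample with `triage_wav(open(path, "rb").read())`. A clean file produces no findings; a tail or unknown chunk is reported with its size and entropy, so the analyst knows whether the next step is carving a script or looking for the decryption key in the loader. This is a container-level check only: a payload embedded in the sample LSBs leaves the structure intact and needs a statistical or reference-comparison test instead.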

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors associated with this Pulse (fact-based)

Mustang Panda

Score: 36.26
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation

Kimsuky

Score: 55.20
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1565.002 - Transmitted Data Manipulation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS

Sea Turtle

Score: 17.83
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1059.013 - Container CLI/API

Contagious Interview

Score: 29.78
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver

Inception

Score: 5.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid

Dark Caracal

Score: 10.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Elderwood

Score: 3.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 9.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 6.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI

APT28

Score: 26.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control

APT18

Score: 7.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking

Leviathan

Score: 17.98
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1059.012 - Hypervisor CLI

Sidewinder

Score: 12.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft

APT39

Score: 12.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Lazarus Group

Score: 42.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1016.001 - Internet Connection Discovery
  • T1071.004 - DNS
  • T1606.002 - SAML Tokens
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Saint Bear

Score: 5.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources

APT33

Score: 5.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking

BITTER

Score: 3.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media

TA505

Score: 10.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Higaisa

Score: 5.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

APT19

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 13.14
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 24.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

TA2541

Score: 7.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources

Magic Hound

Score: 27.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Storm-1811

Score: 9.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 6.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505 - Server Software Component

Tropic Trooper

Score: 16.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account

menuPass

Score: 16.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

Moses Staff

Score: 8.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

TeamTNT

Score: 21.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1071.003 - Mail Protocols
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 31.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1212 - Exploitation for Credential Access
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1592.002 - Software
  • T1547.008 - LSASS Driver

APT32

Score: 33.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

Moonstone Sleet

Score: 22.95
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.008 - LSASS Driver

FIN6

Score: 17.91
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

CopyKittens

Score: 3.15
Matched TTPs:
  • T1016.001 - Internet Connection Discovery

UNC3886

Score: 21.56
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1547.015 - Login Items
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe

Lotus Blossom

Score: 13.04
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation

Mustard Tempest

Score: 11.31
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 10.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI

GALLIUM

Score: 18.24
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

APT29

Score: 28.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1036.004 - Masquerade Task or Service
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1223 - Compiled HTML File
  • T1547.008 - LSASS Driver

FIN13

Score: 27.53
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control
  • T1686.001 - Cloud Firewall

Dragonfly

Score: 29.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Ke3chang

Score: 22.19
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Agrius

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

APT41

Score: 47.90
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1071.004 - DNS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1002 - Data Compressed
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

APT5

Score: 10.94
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Wizard Spider

Score: 20.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

Ember Bear

Score: 19.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS

Axiom

Score: 11.79
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 26.40
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1212 - Exploitation for Credential Access
  • T1134 - Access Token Manipulation

Chimera

Score: 27.16
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1212 - Exploitation for Credential Access
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

LazyScripter

Score: 7.06
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid

Cobalt Group

Score: 5.67
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1573 - Encrypted Channel

FIN7

Score: 32.86
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel

Indrik Spider

Score: 14.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

LuminousMoth

Score: 20.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path

Sandworm Team

Score: 31.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation

Salt Typhoon

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding

Play

Score: 14.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1134 - Access Token Manipulation

Aoqin Dragon

Score: 6.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1219.001 - IDE Tunneling

RedCurl

Score: 5.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot

Turla

Score: 26.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1176 - Software Extensions
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Scattered Spider

Score: 43.06
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation

Storm-0501

Score: 15.00
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1565.002 - Transmitted Data Manipulation

Silent Librarian

Score: 10.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

ZIRCONIUM

Score: 5.90
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Star Blizzard

Score: 14.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking

CURIUM

Score: 17.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Patchwork

Score: 5.52
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI

HAFNIUM

Score: 9.63
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1134 - Access Token Manipulation

Volt Typhoon

Score: 30.13
Matched TTPs:
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1134 - Access Token Manipulation

Gamaredon Group

Score: 19.66
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API

Earth Lusca

Score: 15.92
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

SideCopy

Score: 9.41
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft

BlackByte

Score: 20.46
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

EXOTIC LILY

Score: 10.63
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver

APT42

Score: 9.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

Rocke

Score: 10.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation

BackdoorDiplomacy

Score: 3.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel

Medusa Group

Score: 20.51
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation

ToddyCat

Score: 10.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Winter Vivern

Score: 10.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 8.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

MuddyWater

Score: 18.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

LAPSUS$

Score: 12.33
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking

APT38

Score: 24.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI

Velvet Ant

Score: 7.17
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources

APT1

Score: 8.24
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1668 - Exclusive Control

Leafminer

Score: 11.67
Matched TTPs:
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

admin@338

Score: 7.66
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access

APT3

Score: 13.83
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation

Stealth Falcon

Score: 3.44
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Naikon

Score: 3.01
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation

BRONZE BUTLER

Score: 10.25
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Confucius

Score: 5.61
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account

Windigo

Score: 3.06
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI

PROMETHIUM

Score: 5.90
Matched TTPs:
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel

Tonto Team

Score: 3.15
Matched TTPs:
  • T1212 - Exploitation for Credential Access

Silence

Score: 6.41
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Aquatic Panda

Score: 4.54
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control

FIN8

Score: 5.31
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

RTM

Score: 4.69
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI

Windshift

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors associated with this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1668 - Exclusive Control
  • T1590.006 - Network Security Appliances
  • T1566.002 - Spearphishing Link
  • T1690 - Prevent Command History Logging
  • T1016.001 - Internet Connection Discovery
  • T1037 - Boot or Logon Initialization Scripts
  • T1003.003 - NTDS
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1055.014 - VDSO Hijacking
  • T1009 - Binary Padding
  • T1565.002 - Transmitted Data Manipulation
  • T1219.001 - IDE Tunneling
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.012 - Verclsid

APT41

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1668 - Exclusive Control
  • T1590.006 - Network Security Appliances
  • T1574.009 - Path Interception by Unquoted Path
  • T1584.008 - Network Devices
  • T1002 - Data Compressed
  • T1055.004 - Asynchronous Procedure Call
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
  • T1219.001 - IDE Tunneling
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1071.004 - DNS
  • T1564.003 - Hidden Window

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
