Trusted Design

Latest Xloader Obfuscation Methods and Network Protocol

概要

Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since version 8.1, the Xloader developer applied several changes to the code obfuscation. The purpose of this blog is to describe the latest obfuscation methods and provide an in-depth analysis of the network communication protocol. We highly recommend reading our previous blogs about Xloader in order to get a better understanding of the malware’s internals.

Created: 2026-04-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Contagious Interview

Score: 31.17
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Daggerfly

Score: 7.64
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
MITREへのリンク →

GALLIUM

Score: 18.24
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

APT29

Score: 39.82
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1621 - Multi-Factor Authentication Request Generation
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1090.004 - Domain Fronting
  • T1027.006 - HTML Smuggling
  • T1651 - Cloud Administration Command
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN13

Score: 25.92
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1134.003 - Make and Impersonate Token
  • T1550.002 - Pass the Hash
  • T1090.001 - Internal Proxy
MITREへのリンク →

Dragonfly

Score: 23.79
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Ke3chang

Score: 19.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Agrius

Score: 9.37
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
MITREへのリンク →

APT41

Score: 36.71
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1595.003 - Wordlist Scanning
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

APT5

Score: 13.40
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
MITREへのリンク →

menuPass

Score: 14.82
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
MITREへのリンク →

Threat Group-3390

Score: 19.91
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1053.002 - At
MITREへのリンク →

Wizard Spider

Score: 23.29
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Ember Bear

Score: 19.33
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

Sea Turtle

Score: 21.04
Matched TTPs:
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Axiom

Score: 14.31
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
MITREへのリンク →

HEXANE

Score: 22.79
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1591.004 - Identify Roles
  • T1018 - Remote System Discovery
MITREへのリンク →

Kimsuky

Score: 44.11
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1550.002 - Pass the Hash
MITREへのリンク →

Moonstone Sleet

Score: 18.82
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 11.72
Matched TTPs:
  • T1587.001 - Malware
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

Lazarus Group

Score: 27.38
Matched TTPs:
  • T1587.001 - Malware
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

OilRig

Score: 29.31
Matched TTPs:
  • T1587.001 - Malware
  • T1556.002 - Password Filter DLL
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1137.004 - Outlook Home Page
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

UNC3886

Score: 14.03
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
MITREへのリンク →

LuminousMoth

Score: 11.19
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Sandworm Team

Score: 28.52
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
MITREへのリンク →

Salt Typhoon

Score: 6.31
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Play

Score: 15.23
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Aoqin Dragon

Score: 3.39
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
MITREへのリンク →

RedCurl

Score: 7.97
Matched TTPs:
  • T1587.001 - Malware
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
MITREへのリンク →

Moses Staff

Score: 5.04
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
MITREへのリンク →

Turla

Score: 22.81
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1055 - Process Injection
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

Mustang Panda

Score: 26.69
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1052.001 - Exfiltration over USB
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

TeamTNT

Score: 21.16
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
MITREへのリンク →

FIN7

Score: 19.11
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1591.004 - Identify Roles
MITREへのリンク →

Scattered Spider

Score: 53.13
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1041 - Exfiltration Over C2 Channel
  • T1621 - Multi-Factor Authentication Request Generation
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
MITREへのリンク →

Storm-0501

Score: 15.00
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
MITREへのリンク →

FIN6

Score: 21.65
Matched TTPs:
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Sidewinder

Score: 11.19
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
MITREへのリンク →

ZIRCONIUM

Score: 13.49
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
MITREへのリンク →

APT32

Score: 32.82
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1068 - Exploitation for Privilege Escalation
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Magic Hound

Score: 21.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT28

Score: 23.76
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1550.002 - Pass the Hash
MITREへのリンク →

Star Blizzard

Score: 12.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 11.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 7.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

HAFNIUM

Score: 14.24
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery
MITREへのリンク →

Strider

Score: 11.19
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
MITREへのリンク →

TA2541

Score: 8.57
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Earth Lusca

Score: 15.33
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
MITREへのリンク →

LazyScripter

Score: 4.31
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
MITREへのリンク →

Gamaredon Group

Score: 26.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1027.004 - Compile After Delivery
MITREへのリンク →

SideCopy

Score: 9.41
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

TA505

Score: 10.69
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

BlackByte

Score: 25.20
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1134.003 - Make and Impersonate Token
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

BITTER

Score: 4.07
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

Saint Bear

Score: 3.77
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

EXOTIC LILY

Score: 8.34
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1593.001 - Social Media
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 12.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
MITREへのリンク →

Rocke

Score: 8.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
MITREへのリンク →

Volt Typhoon

Score: 26.41
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

BackdoorDiplomacy

Score: 3.20
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Medusa Group

Score: 15.88
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
MITREへのリンク →

Fox Kitten

Score: 11.54
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

ToddyCat

Score: 8.57
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Blue Mockingbird

Score: 5.31
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1134 - Access Token Manipulation
MITREへのリンク →

Winter Vivern

Score: 9.03
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1189 - Drive-by Compromise
MITREへのリンク →

Leviathan

Score: 17.13
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

INC Ransom

Score: 8.77
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

MuddyWater

Score: 27.45
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT39

Score: 10.64
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

Akira

Score: 11.64
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

APT38

Score: 21.56
Matched TTPs:
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
MITREへのリンク →

Silence

Score: 5.43
Matched TTPs:
  • T1055 - Process Injection
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Cobalt Group

Score: 8.69
Matched TTPs:
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

APT37

Score: 9.31
Matched TTPs:
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
MITREへのリンク →

Velvet Ant

Score: 10.22
Matched TTPs:
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
MITREへのリンク →

PLATINUM

Score: 6.32
Matched TTPs:
  • T1055 - Process Injection
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
MITREへのリンク →

LAPSUS$

Score: 22.62
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1583.003 - Virtual Private Server
  • T1621 - Multi-Factor Authentication Request Generation
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1591.004 - Identify Roles
MITREへのリンク →

APT3

Score: 15.88
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1041 - Exfiltration Over C2 Channel
  • T1018 - Remote System Discovery
MITREへのリンク →

APT33

Score: 10.84
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Stealth Falcon

Score: 5.50
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Leafminer

Score: 13.72
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Inception

Score: 5.69
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
MITREへのリンク →

admin@338

Score: 4.50
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Lotus Blossom

Score: 12.82
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

APT19

Score: 3.24
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT1

Score: 5.95
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

Tropic Trooper

Score: 11.67
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1052.001 - Exfiltration over USB
  • T1027.003 - Steganography
MITREへのリンク →

Naikon

Score: 3.01
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1018 - Remote System Discovery
MITREへのリンク →

Chimera

Score: 16.73
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

Darkhotel

Score: 4.53
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

Higaisa

Score: 6.37
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1090.001 - Internal Proxy
MITREへのリンク →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
MITREへのリンク →

Dark Caracal

Score: 5.59
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Confucius

Score: 5.61
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Windigo

Score: 3.06
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT18

Score: 6.57
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1053.002 - At
MITREへのリンク →

BRONZE BUTLER

Score: 13.28
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1053.002 - At
MITREへのリンク →

Andariel

Score: 6.53
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
MITREへのリンク →

TA551

Score: 5.37
Matched TTPs:
  • T1218.005 - Mshta
  • T1027.003 - Steganography
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

Aquatic Panda

Score: 4.54
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1550.002 - Pass the Hash
MITREへのリンク →

FIN8

Score: 10.15
Matched TTPs:
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Storm-1811

Score: 7.79
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

RTM

Score: 4.69
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
MITREへのリンク →

Windshift

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1538 - Cloud Service Dashboard
  • T1068 - Exploitation for Privilege Escalation
  • T1562.001 - Disable or Modify Tools
  • T1016 - System Network Configuration Discovery
  • T1484.002 - Trust Modification
  • T1556.009 - Conditional Access Policies
  • T1598 - Phishing for Information
  • T1589 - Gather Victim Identity Information
  • T1018 - Remote System Discovery
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1598.004 - Spearphishing Voice
  • T1486 - Data Encrypted for Impact
  • T1621 - Multi-Factor Authentication Request Generation
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1552.001 - Credentials In Files
  • T1219.002 - Remote Desktop Software
MITREへのリンク →

Kimsuky

Score: 0.58
Matched TTPs:
  • T1593.001 - Social Media
  • T1055 - Process Injection
  • T1550.002 - Pass the Hash
  • T1587.001 - Malware
  • T1016 - System Network Configuration Discovery
  • T1071.002 - File Transfer Protocols
  • T1598 - Phishing for Information
  • T1534 - Internal Spearphishing
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1555.003 - Credentials from Web Browsers
  • T1218.005 - Mshta
  • T1598.003 - Spearphishing Link
  • T1041 - Exfiltration Over C2 Channel
  • T1190 - Exploit Public-Facing Application
  • T1552.001 - Credentials In Files
  • T1219.002 - Remote Desktop Software
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る