Trusted Design Takes Aim at the Ransomware Throne

Summary

In February 2025, BlackBasta ransomware operations ceased after the group's internal chat logs were leaked online, leading to its disbandment. However, former affiliates continued launching attacks under different ransomware families, including the relatively unknown Payouts King group that emerged in April 2025. Since early 2026, ThreatLabz has observed continued ransomware activity consistent with former BlackBasta initial access brokers, using familiar tactics including spam bombing, Microsoft Teams phishing, and Quick Assist abuse. Payouts King implements sophisticated evasion techniques, including stack-based string obfuscation, API hashing, and direct system calls to terminate security processes. The ransomware uses 4,096-bit RSA and 256-bit AES in counter mode, selectively encrypting files while targeting security software and employing anti-forensic techniques such as shadow copy deletion and event log clearing.

Created: 2026-04-17

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

HAFNIUM

Score: 13.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation

menuPass

Score: 16.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

Wizard Spider

Score: 22.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation

APT33

Score: 8.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive

Fox Kitten

Score: 23.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1588.005 - Exploits

CopyKittens

Score: 7.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 33.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

APT1

Score: 8.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship

Mustang Panda

Score: 33.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1136.003 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

Play

Score: 13.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Chimera

Score: 16.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation

Sea Turtle

Score: 26.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API

APT39

Score: 14.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

RedCurl

Score: 9.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1051 - Shared Webroot

APT5

Score: 13.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call

Agrius

Score: 13.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

GALLIUM

Score: 16.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

APT41

Score: 43.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading

MuddyWater

Score: 24.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1159 - Launch Agent

APT28

Score: 23.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History

Turla

Score: 35.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

BRONZE BUTLER

Score: 10.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

UNC3886

Score: 16.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 43.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1003.003 - NTDS

APT3

Score: 15.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation

FIN8

Score: 9.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Ke3chang

Score: 19.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Lotus Blossom

Score: 11.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

FIN13

Score: 25.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Earth Lusca

Score: 20.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Magic Hound

Score: 39.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

Aquatic Panda

Score: 4.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

INC Ransom

Score: 17.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Akira

Score: 15.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

ToddyCat

Score: 11.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

FIN6

Score: 16.05
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Lazarus Group

Score: 31.23
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

Mustard Tempest

Score: 11.31
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 7.64
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI

APT29

Score: 31.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1223 - Compiled HTML File
  • T1547.008 - LSASS Driver

Dragonfly

Score: 30.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 20.00
Matched TTPs:
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Ember Bear

Score: 22.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS

Axiom

Score: 11.79
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 23.50
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

Winter Vivern

Score: 13.63
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Moonstone Sleet

Score: 12.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 11.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Contagious Interview

Score: 31.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1547.008 - LSASS Driver

OilRig

Score: 30.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1547.008 - LSASS Driver

LuminousMoth

Score: 16.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Sandworm Team

Score: 30.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 5.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1199 - Trusted Relationship

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

TeamTNT

Score: 15.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

FIN7

Score: 23.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Scattered Spider

Score: 50.94
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1588.005 - Exploits

Storm-0501

Score: 12.99
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information

Sidewinder

Score: 11.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent

Silent Librarian

Score: 10.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

ZIRCONIUM

Score: 8.04
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive

APT32

Score: 29.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Star Blizzard

Score: 14.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

CURIUM

Score: 16.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Patchwork

Score: 5.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 6.32
Matched TTPs:
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI

Rocke

Score: 11.87
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation

Velvet Ant

Score: 12.36
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution

Strider

Score: 11.19
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Gamaredon Group

Score: 28.42
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1059.013 - Container CLI/API

Darkhotel

Score: 4.80
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1059.012 - Hypervisor CLI

Tropic Trooper

Score: 15.27
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1159 - Launch Agent

TA2541

Score: 10.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

LazyScripter

Score: 5.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid

SideCopy

Score: 10.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent

TA505

Score: 11.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

BlackByte

Score: 25.05
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.010 - Downgrade Attack
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

BITTER

Score: 12.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 3.77
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources

EXOTIC LILY

Score: 9.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver

APT42

Score: 8.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1199 - Trusted Relationship

BackdoorDiplomacy

Score: 6.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1203 - Exploitation for Client Execution

Medusa Group

Score: 16.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation

Cinnamon Tempest

Score: 8.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Leviathan

Score: 8.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

Storm-1811

Score: 7.23
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

APT38

Score: 28.59
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI

Silence

Score: 9.71
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Cobalt Group

Score: 9.54
Matched TTPs:
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive

APT37

Score: 4.22
Matched TTPs:
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI

PLATINUM

Score: 8.99
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI

LAPSUS$

Score: 29.44
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1137.004 - Outlook Home Page
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits
Link to MITRE →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
Link to MITRE →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 4.61
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
Link to MITRE →

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Leafminer

Score: 6.68
Matched TTPs:
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Inception

Score: 5.94
Matched TTPs:
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
Link to MITRE →

Confucius

Score: 4.31
Matched TTPs:
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

Higaisa

Score: 4.90
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1569.002 - Service Execution
Link to MITRE →

Stealth Falcon

Score: 5.59
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
Link to MITRE →

DarkVishnya

Score: 3.37
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
Link to MITRE →

FIN5

Score: 6.34
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Metador

Score: 3.52
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Dark Caracal

Score: 7.73
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
Link to MITRE →

Windshift

Score: 7.03
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1588.005 - Exploits
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1564.003 - Hidden Window
  • T1039 - Data from Network Shared Drive
  • T1045 - Software Packing
  • T1051 - Shared Webroot
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1547.005 - Security Support Provider
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1583.001 - Domains
  • T1597 - Search Closed Sources
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1157 - Dylib Hijacking
  • T1019 - System Firmware
  • T1027.002 - Software Packing
Link to MITRE →

Kimsuky

Score: 0.60
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1003.003 - NTDS
  • T1087.004 - Cloud Account
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1218.012 - Verclsid
  • T1016.001 - Internet Connection Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1684 - Social Engineering
  • T1656 - Impersonation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1690 - Prevent Command History Logging
Link to MITRE →

APT41

Score: 0.60
Matched TTPs:
  • T1045 - Software Packing
  • T1574.002 - DLL Side-Loading
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1134 - Access Token Manipulation
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window
  • T1041 - Exfiltration Over C2 Channel
  • T1684 - Social Engineering
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1055.004 - Asynchronous Procedure Call
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1177 - LSASS Driver
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
