Trusted Design

Supply Chain Poisoning via PyPI Repository Compromise

Summary

Xinference, an open-source distributed AI model inference framework, suffered a supply chain attack when attackers compromised maintainers' PyPI release credentials and published three malicious versions (2.6.0, 2.6.1, 2.6.2) on April 22, 2026. The malicious code, hidden in layers of Base64 encoding within __init__.py, executes automatically when the library is installed or imported, collecting cloud credentials, SSH keys, API tokens, database passwords, cryptocurrency wallets, and environment variables. The payload specifically targets AWS environments by abusing the instance metadata service and uploads the stolen data to attacker-controlled infrastructure. The attack affects users who downloaded these versions from PyPI, where the package has over 680,000 total downloads. Attribution remains unclear: TeamPCP's name appears in the code, but the group denies involvement, which suggests impersonation by a third party.
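The summary describes two things a defender can check for directly: whether an installed xinference release is one of the three poisoned versions, and whether a package's __init__.py contains import-time exec/eval of Base64-layered data. The checker below is an added example, not code from the page or from the Xinference project; the function names and the three sample sources are constructed for the demonstration and contain no real payload.

```python
"""Static checker for the poisoned-release pattern described above.

(1) is_poisoned_version: matches the three xinference versions named on the page.
(2) scan_source: finds exec()/eval() calls whose argument is built from nested
    base64-style decode calls, directly or through a one-step variable, and
    reports whether the call runs at import time (module top level).
Sample sources are constructed for the demo; nothing in them is executed.
"""
import ast
import base64
from pathlib import Path
from typing import Optional

# Versions named on the page as malicious; anything else is treated as clean.
POISONED_XINFERENCE_VERSIONS = frozenset({"2.6.0", "2.6.1", "2.6.2"})

DECODE_NAMES = {"b64decode", "b32decode", "a85decode", "b85decode", "decodebytes"}
EXEC_NAMES = {"exec", "eval"}


def is_poisoned_version(name: str, version: str) -> bool:
    """True when (name, version) is one of the poisoned releases listed on the page."""
    return name.lower() == "xinference" and version in POISONED_XINFERENCE_VERSIONS


def _call_name(node: ast.AST) -> Optional[str]:
    """Bare function name of a Call node ('b64decode', 'exec', ...), else None."""
    if not isinstance(node, ast.Call):
        return None
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    if isinstance(node.func, ast.Name):
        return node.func.id
    return None


def _decode_depth(node: ast.AST) -> int:
    """Number of decode calls nested along the deepest path under `node`.

    Only static nesting is counted; a decode repeated in a loop shows as 1.
    """
    best = max((_decode_depth(child) for child in ast.iter_child_nodes(node)), default=0)
    return best + 1 if _call_name(node) in DECODE_NAMES else best


def scan_source(source: str, filename: str = "<source>") -> list:
    """Return one finding per exec/eval whose argument derives from decode calls."""
    tree = ast.parse(source, filename=filename)

    # Anything inside a def/lambda does not run when the module is imported.
    deferred = set()
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            deferred.update(id(n) for n in ast.walk(node))

    # One-step data flow: `name = <expression containing decode calls>`.
    assigned = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and len(node.targets) == 1 \
                and isinstance(node.targets[0], ast.Name):
            depth = _decode_depth(node.value)
            if depth:
                assigned[node.targets[0].id] = depth

    def arg_layers(arg: ast.AST) -> int:
        direct = _decode_depth(arg)
        via_name = max((assigned.get(n.id, 0) for n in ast.walk(arg)
                        if isinstance(n, ast.Name)), default=0)
        return max(direct, via_name)

    findings = []
    for node in ast.walk(tree):
        name = _call_name(node)
        if name in EXEC_NAMES and node.args:
            layers = max(arg_layers(a) for a in node.args)
            if layers:
                findings.append({"file": filename, "line": node.lineno, "call": name,
                                 "layers": layers, "at_import": id(node) not in deferred})
    findings.sort(key=lambda f: f["line"])
    return findings


def scan_package_inits(root: str) -> list:
    """Run scan_source over every __init__.py below `root` (e.g. a site-packages dir)."""
    results = []
    for path in Path(root).rglob("__init__.py"):
        try:
            results.extend(scan_source(path.read_text(encoding="utf-8"), str(path)))
        except (SyntaxError, UnicodeDecodeError):
            continue  # not parseable as Python 3; report separately if needed
    return results


# Constructed sample: two decode layers feeding exec at module top level.
# The inner bytes decode to a harmless print statement.
_INNER = base64.b64encode(b"print('demo')")
_OUTER = base64.b64encode(_INNER)
SUSPICIOUS_INIT = ("import base64\n"
                   f"_blob = {_OUTER!r}\n"
                   "exec(base64.b64decode(base64.b64decode(_blob)))\n")

# Constructed sample: decode inside a function, never handed to exec/eval.
BENIGN_INIT = ("import base64\n"
               "def load_config(blob):\n"
               "    return base64.b64decode(blob)\n"
               "VERSION = '2.5.0'\n")

# Constructed sample: three layers reach eval through a variable and compile().
INDIRECT_INIT = ("import base64 as _b\n"
                 "_p = _b.b64decode(_b.b64decode(_b.b64decode(DATA)))\n"
                 "eval(compile(_p, '<x>', 'exec'))\n")

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_INIT), ("benign", BENIGN_INIT),
                       ("indirect", INDIRECT_INIT)):
        print(label, scan_source(src, f"{label}/__init__.py"))
    print("2.6.1 poisoned:", is_poisoned_version("xinference", "2.6.1"))
```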

Created: 2026-04-28

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Inception

Score: 5.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid

Dark Caracal

Score: 9.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Elderwood

Score: 4.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 4.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

APT28

Score: 36.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1588.003 - Code Signing Certificates
  • T1027.018 - Invisible Unicode
  • T1055.008 - Ptrace System Calls

APT18

Score: 6.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
  • T1591.001 - Determine Physical Locations

Leviathan

Score: 11.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 12.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode

APT39

Score: 14.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Lazarus Group

Score: 32.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1608.001 - Upload Malware
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Saint Bear

Score: 9.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode

APT33

Score: 11.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode

BITTER

Score: 5.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive

TA505

Score: 13.58
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Higaisa

Score: 5.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

APT19

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 20.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 29.58
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1591.001 - Determine Physical Locations

TA2541

Score: 13.98
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

Malteiro

Score: 8.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History

Magic Hound

Score: 28.22
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Storm-1811

Score: 9.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 13.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component
  • T1001.001 - Junk Data

Tropic Trooper

Score: 7.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1136.003 - Cloud Account

Contagious Interview

Score: 33.71
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive

menuPass

Score: 16.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

Moses Staff

Score: 8.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

TeamTNT

Score: 11.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources

Metador

Score: 4.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 36.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1562 - Impair Defenses
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1592.002 - Software
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT32

Score: 29.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 23.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Daggerfly

Score: 11.93
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

GALLIUM

Score: 16.50
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

APT29

Score: 28.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN13

Score: 19.96
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control

Dragonfly

Score: 30.50
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Ke3chang

Score: 16.41
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Agrius

Score: 11.90
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

APT41

Score: 57.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.004 - Private Keys
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1041 - Exfiltration Over C2 Channel
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading

APT5

Score: 13.80
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1102 - Web Service

Wizard Spider

Score: 26.93
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

Ember Bear

Score: 24.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

Sea Turtle

Score: 18.52
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API

Axiom

Score: 16.33
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

HEXANE

Score: 21.29
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1562 - Impair Defenses
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation

Kimsuky

Score: 48.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode

Indrik Spider

Score: 11.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

UNC3886

Score: 13.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive

LuminousMoth

Score: 13.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 38.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding

Play

Score: 12.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

RedCurl

Score: 5.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode

Turla

Score: 33.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Mustang Panda

Score: 34.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1102 - Web Service
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

FIN7

Score: 24.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode

Scattered Spider

Score: 52.61
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing

Storm-0501

Score: 12.99
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information

FIN6

Score: 21.57
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Silent Librarian

Score: 10.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

ZIRCONIUM

Score: 14.85
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 14.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking

CURIUM

Score: 14.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Patchwork

Score: 7.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

HAFNIUM

Score: 14.55
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1055.008 - Ptrace System Calls

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate

Volt Typhoon

Score: 29.69
Matched TTPs:
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1102 - Web Service
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading

Earth Lusca

Score: 23.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 8.13
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 26.25
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

SideCopy

Score: 9.41
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft

BlackByte

Score: 28.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1606.001 - Web Cookies
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

EXOTIC LILY

Score: 11.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT42

Score: 10.82
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1030 - Data Transfer Size Limits

Rocke

Score: 14.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1552.004 - Private Keys
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation

BackdoorDiplomacy

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel

Medusa Group

Score: 21.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking

ToddyCat

Score: 7.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Winter Vivern

Score: 10.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 9.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

MuddyWater

Score: 21.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

Akira

Score: 14.17
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Leafminer

Score: 12.56
Matched TTPs:
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Stealth Falcon

Score: 8.16
Matched TTPs:
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Evilnum

Score: 4.03
Matched TTPs:
  • T1562 - Impair Defenses
  • T1027.018 - Invisible Unicode

APT38

Score: 28.19
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Silence

Score: 8.86
Matched TTPs:
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Cobalt Group

Score: 8.84
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode

APT37

Score: 6.28
Matched TTPs:
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI

Velvet Ant

Score: 6.60
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources

PLATINUM

Score: 6.32
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI

LAPSUS$

Score: 28.44
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking

APT3

Score: 11.68
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Molerats

Score: 3.41
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
Link to MITRE →

Aquatic Panda

Score: 14.29
Matched TTPs:
  • T1552.004 - Private Keys
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
Link to MITRE →

APT1

Score: 8.96
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1668 - Exclusive Control
Link to MITRE →

Lotus Blossom

Score: 6.86
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
Link to MITRE →

Naikon

Score: 3.01
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
Link to MITRE →

Chimera

Score: 9.16
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
Link to MITRE →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
Link to MITRE →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Windigo

Score: 4.11
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
Link to MITRE →

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
Link to MITRE →

Andariel

Score: 4.22
Matched TTPs:
  • T1136.002 - Domain Account
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Confucius

Score: 5.67
Matched TTPs:
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1027.018 - Invisible Unicode
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

Tonto Team

Score: 4.84
Matched TTPs:
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
Link to MITRE →

FIN5

Score: 5.49
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

BRONZE BUTLER

Score: 8.95
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1591.001 - Determine Physical Locations
Link to MITRE →

FIN8

Score: 8.76
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
Link to MITRE →

Windshift

Score: 5.65
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT41

Score: 0.70
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1562.012 - Disable or Modify Linux Audit System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1574.002 - DLL Side-Loading
  • T1157 - Dylib Hijacking
  • T1584.008 - Network Devices
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562 - Impair Defenses
  • T1027 - Obfuscated Files or Information
  • T1177 - LSASS Driver
  • T1590.006 - Network Security Appliances
  • T1041 - Exfiltration Over C2 Channel
  • T1684 - Social Engineering
  • T1564.003 - Hidden Window
  • T1030 - Data Transfer Size Limits
  • T1668 - Exclusive Control
  • T1134 - Access Token Manipulation
  • T1552.004 - Private Keys
  • T1097 - Pass the Ticket
  • T1045 - Software Packing
Link to MITRE →

Scattered Spider

Score: 0.64
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1597 - Search Closed Sources
  • T1019 - System Firmware
  • T1039 - Data from Network Shared Drive
  • T1157 - Dylib Hijacking
  • T1547.005 - Security Support Provider
  • T1136.002 - Domain Account
  • T1087.004 - Cloud Account
  • T1619 - Cloud Storage Object Discovery
  • T1027 - Obfuscated Files or Information
  • T1590.006 - Network Security Appliances
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1030 - Data Transfer Size Limits
  • T1552.003 - Shell History
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1045 - Software Packing
Link to MITRE →

Kimsuky

Score: 0.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1562.012 - Disable or Modify Linux Audit System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1087.004 - Cloud Account
  • T1606.002 - SAML Tokens
  • T1590.006 - Network Security Appliances
  • T1656 - Impersonation
  • T1041 - Exfiltration Over C2 Channel
  • T1684 - Social Engineering
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1197 - BITS Jobs
  • T1030 - Data Transfer Size Limits
  • T1668 - Exclusive Control
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1690 - Prevent Command History Logging
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

