Trusted Design

Tall Tales: How Chinese Actors Use Impersonation and Stolen Narratives to Perpetuate Digital Transnational Repression

Summary

In collaboration with the International Consortium of Investigative Journalists (ICIJ), two distinct actor clusters aligned with the People's Republic of China were identified targeting journalists and civil society members. GLITTER CARP conducted widespread credential harvesting campaigns against Uyghur, Tibetan, Taiwanese, and Hong Kong diaspora activists, as well as journalists covering these communities, employing digital impersonation and fake security alerts while frequently reusing infrastructure. SEQUIN CARP specifically targeted journalists involved in ICIJ's China Targets investigation using sophisticated OAuth consent phishing attacks with well-developed personas based on co-opted narratives, though operational mistakes revealed poor persona management. Both campaigns demonstrate China's Military-Civil Fusion system leveraging private contractors to conduct digital transnational repression at scale, with targeting intensifying following the China Targets publication that exposed Chinese governme...

Created: 2026-04-28

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Contagious Interview

Score: 28.03
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1102.003 - One-Way Communication
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Daggerfly

Score: 10.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode

GALLIUM

Score: 13.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

APT29

Score: 31.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN13

Score: 16.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft

Dragonfly

Score: 21.94
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1134 - Access Token Manipulation

Ke3chang

Score: 12.61
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Agrius

Score: 9.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

APT41

Score: 26.25
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1002 - Data Compressed
  • T1134 - Access Token Manipulation

APT5

Score: 16.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1165 - Startup Items
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call

menuPass

Score: 14.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 17.53
Matched TTPs:
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1134 - Access Token Manipulation

Wizard Spider

Score: 15.71
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Ember Bear

Score: 23.54
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS

Sea Turtle

Score: 13.04
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools

Axiom

Score: 10.02
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking

HEXANE

Score: 15.64
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1134 - Access Token Manipulation

Scattered Spider

Score: 39.54
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1165 - Startup Items
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing

Storm-0501

Score: 12.48
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1480 - Execution Guardrails
  • T1027 - Obfuscated Files or Information

Sidewinder

Score: 9.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode

Mustang Panda

Score: 26.29
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1102.003 - One-Way Communication
  • T1136.003 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 29.16
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

ZIRCONIUM

Score: 9.35
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode

APT32

Score: 23.94
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Kimsuky

Score: 40.67
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS

Magic Hound

Score: 33.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1134 - Access Token Manipulation
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT28

Score: 20.33
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 15.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking

Moonstone Sleet

Score: 18.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

CURIUM

Score: 10.37
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Patchwork

Score: 3.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode

FIN7

Score: 26.24
Matched TTPs:
  • T1165 - Startup Items
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode

Lazarus Group

Score: 18.63
Matched TTPs:
  • T1165 - Startup Items
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.008 - LSASS Driver

Leviathan

Score: 14.91
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1562.011 - Spoof Security Alerting
  • T1027.018 - Invisible Unicode

BlackTech

Score: 5.07
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.018 - Invisible Unicode

Aquatic Panda

Score: 4.03
Matched TTPs:
  • T1165 - Startup Items
  • T1597 - Search Closed Sources

Fox Kitten

Score: 17.50
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation

TeamTNT

Score: 15.31
Matched TTPs:
  • T1165 - Startup Items
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1519 - Emond

Storm-1811

Score: 7.10
Matched TTPs:
  • T1165 - Startup Items
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Salt Typhoon

Score: 3.71
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information

OilRig

Score: 26.53
Matched TTPs:
  • T1165 - Startup Items
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

UNC3886

Score: 11.69
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution

Indrik Spider

Score: 9.34
Matched TTPs:
  • T1165 - Startup Items
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Rocke

Score: 10.48
Matched TTPs:
  • T1165 - Startup Items
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

APT39

Score: 9.80
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

HAFNIUM

Score: 13.38
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation

INC Ransom

Score: 12.21
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Velvet Ant

Score: 12.18
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate

Volt Typhoon

Score: 26.00
Matched TTPs:
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation

Turla

Score: 21.08
Matched TTPs:
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 21.59
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1027.018 - Invisible Unicode

LuminousMoth

Score: 10.21
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode

Aoqin Dragon

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness

Darkhotel

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness

Tropic Trooper

Score: 20.07
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1128 - Netsh Helper DLL
  • T1562.011 - Spoof Security Alerting

TA2541

Score: 12.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 19.42
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1562.011 - Spoof Security Alerting
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 3.33
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 5.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft

TA505

Score: 7.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

BlackByte

Score: 21.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

BITTER

Score: 10.36
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 5.13
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 9.70
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT42

Score: 8.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1128 - Netsh Helper DLL

BackdoorDiplomacy

Score: 7.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel

Medusa Group

Score: 17.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

ToddyCat

Score: 9.94
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component

Winter Vivern

Score: 6.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed

Moses Staff

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers

Play

Score: 6.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

MuddyWater

Score: 15.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1027.018 - Invisible Unicode

Akira

Score: 15.77
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

APT38

Score: 17.08
Matched TTPs:
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode

Silence

Score: 5.43
Matched TTPs:
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Cobalt Group

Score: 15.72
Matched TTPs:
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode

APT37

Score: 5.49
Matched TTPs:
  • T1684 - Social Engineering
  • T1562.011 - Spoof Security Alerting

PLATINUM

Score: 7.22
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution

LAPSUS$

Score: 17.05
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601 - Modify System Image

Deep Panda

Score: 6.59
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation

Tonto Team

Score: 3.86
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1039 - Data from Network Shared Drive

APT3

Score: 10.59
Matched TTPs:
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

Andariel

Score: 4.77
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1562.011 - Spoof Security Alerting

Lotus Blossom

Score: 7.12
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation

Chimera

Score: 9.24
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1134 - Access Token Manipulation

Confucius

Score: 3.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

TA551

Score: 5.37
Matched TTPs:
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting

FIN6

Score: 18.64
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1128 - Netsh Helper DLL
  • T1203 - Exploitation for Client Execution
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 6.37
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1134 - Access Token Manipulation

FIN8

Score: 11.51
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

APT33

Score: 4.88
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

RedCurl

Score: 4.11
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Windshift

Score: 3.88
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1684 - Social Engineering
  • T1102.003 - One-Way Communication
  • T1656 - Impersonation
  • T1197 - BITS Jobs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1057 - Process Discovery
  • T1690 - Prevent Command History Logging
  • T1555.003 - Credentials from Web Browsers
  • T1055.014 - VDSO Hijacking
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1566.002 - Spearphishing Link

Scattered Spider

Score: 0.68
Matched TTPs:
  • T1583.001 - Domains
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing
  • T1597 - Search Closed Sources
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1019 - System Firmware
  • T1157 - Dylib Hijacking
  • T1165 - Startup Items
  • T1039 - Data from Network Shared Drive
  • T1566.002 - Spearphishing Link

Magic Hound

Score: 0.58
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1683 - Generate Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.009 - Break Process Trees
  • T1597 - Search Closed Sources
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1547.005 - Security Support Provider
  • T1566.002 - Spearphishing Link

Related CVEs

No CVEs were found in this Pulse.
