Trusted Design

A Third Vultr Seoul Box: 60+ Kimsuky Domains, 18 Months of DDNS Rotation, and a 5-Year Infrastructure Trail

概要

This analysis documents a third Vultr Seoul VPS (158.247.210.58) associated with Kimsuky operations, featuring over 60 domains across an 18-month period of systematic credential harvesting infrastructure. The actor demonstrates deliberate rotation through seven DDNS providers to evade blocklisting while maintaining the same backend VPS since at least September 2020. The domains systematically impersonate Naver, Korean National Tax Service (HomeTax), and government portals using prefixes like nid-user, n-store, nts-auth, and htax-login. Currently, 31 domains actively resolve while web ports remain closed, indicating a parked and ready operational posture. The infrastructure sits in AS20473 alongside two previously documented Vultr Seoul boxes, demonstrating the actor's clear preference for this provider and geographic proximity to South Korean targets.

Created: 2026-04-28

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 16.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

menuPass

Score: 19.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Wizard Spider

Score: 27.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 10.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Fox Kitten

Score: 19.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Volt Typhoon

Score: 26.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
MITREへのリンク →

APT1

Score: 7.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1668 - Exclusive Control
MITREへのリンク →

Mustang Panda

Score: 29.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1136.003 - Cloud Account
  • T1567.002 - Exfiltration to Cloud Storage
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Play

Score: 13.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Chimera

Score: 20.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Sea Turtle

Score: 19.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
MITREへのリンク →

APT39

Score: 14.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

RedCurl

Score: 7.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT5

Score: 13.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 11.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

GALLIUM

Score: 17.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
MITREへのリンク →

APT41

Score: 55.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
MITREへのリンク →

MuddyWater

Score: 21.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 31.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Turla

Score: 31.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BRONZE BUTLER

Score: 6.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

UNC3886

Score: 16.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1547.015 - Login Items
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Kimsuky

Score: 56.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
MITREへのリンク →

APT3

Score: 13.04
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 14.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.017 - SVG Smuggling
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 22.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Lotus Blossom

Score: 10.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
MITREへのリンク →

FIN13

Score: 25.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Earth Lusca

Score: 18.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 30.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Aquatic Panda

Score: 6.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
MITREへのリンク →

INC Ransom

Score: 16.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 15.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

ToddyCat

Score: 11.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Contagious Interview

Score: 37.10
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1175 - Component Object Model and Distributed COM
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Inception

Score: 5.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
MITREへのリンク →

Dark Caracal

Score: 5.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 4.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 4.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT18

Score: 5.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1157 - Dylib Hijacking
MITREへのリンク →

Leviathan

Score: 11.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 12.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Lazarus Group

Score: 26.22
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Saint Bear

Score: 9.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 5.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

TA505

Score: 11.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 6.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

APT19

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Threat Group-3390

Score: 17.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

TA2541

Score: 11.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Malteiro

Score: 6.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
MITREへのリンク →

Storm-1811

Score: 12.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 6.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505 - Server Software Component
MITREへのリンク →

Tropic Trooper

Score: 11.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
MITREへのリンク →

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Moses Staff

Score: 8.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

TeamTNT

Score: 16.44
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 33.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT32

Score: 29.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 20.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 9.00
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT29

Score: 28.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 33.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ember Bear

Score: 25.51
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
MITREへのリンク →

Axiom

Score: 14.31
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HEXANE

Score: 21.69
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
MITREへのリンク →

LazyScripter

Score: 8.42
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 12.79
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 21.94
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Indrik Spider

Score: 9.20
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

LuminousMoth

Score: 9.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 25.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
MITREへのリンク →

Scattered Spider

Score: 55.24
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Storm-0501

Score: 20.05
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

ZIRCONIUM

Score: 12.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 12.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

CURIUM

Score: 12.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 7.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Rocke

Score: 18.34
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1114.003 - Email Forwarding Rule
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
MITREへのリンク →

Velvet Ant

Score: 11.77
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Gamaredon Group

Score: 19.70
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1175 - Component Object Model and Distributed COM
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 9.41
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

BlackByte

Score: 25.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

EXOTIC LILY

Score: 9.70
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 15.19
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

BackdoorDiplomacy

Score: 3.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Medusa Group

Score: 21.79
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Cinnamon Tempest

Score: 5.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
MITREへのリンク →

Winter Vivern

Score: 10.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
MITREへのリンク →

APT38

Score: 26.48
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silence

Score: 5.43
Matched TTPs:
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT37

Score: 6.28
Matched TTPs:
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

PLATINUM

Score: 6.32
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

LAPSUS$

Score: 24.38
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
MITREへのリンク →

Stealth Falcon

Score: 7.14
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Leafminer

Score: 5.36
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Molerats

Score: 3.41
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN6

Score: 17.62
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

admin@338

Score: 3.20
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Naikon

Score: 3.01
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
MITREへのリンク →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
MITREへのリンク →

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Gorgon Group

Score: 5.93
Matched TTPs:
  • T1114.003 - Email Forwarding Rule
  • T1597 - Search Closed Sources
MITREへのリンク →

Confucius

Score: 3.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

PROMETHIUM

Score: 5.90
Matched TTPs:
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

FIN5

Score: 5.49
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

Evilnum

Score: 4.29
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

RTM

Score: 4.69
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Windshift

Score: 5.65
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1041 - Exfiltration Over C2 Channel
  • T1690 - Prevent Command History Logging
  • T1218.012 - Verclsid
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1552.003 - Shell History
  • T1003.003 - NTDS
  • T1009 - Binary Padding
  • T1055.014 - VDSO Hijacking
  • T1560.001 - Archive via Utility
  • T1562.012 - Disable or Modify Linux Audit System
  • T1565.002 - Transmitted Data Manipulation
  • T1091 - Replication Through Removable Media
  • T1668 - Exclusive Control
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1684 - Social Engineering
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1590.006 - Network Security Appliances
MITREへのリンク →

APT41

Score: 0.69
Matched TTPs:
  • T1208 - Kerberoasting
  • T1564.003 - Hidden Window
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1027 - Obfuscated Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1574.002 - DLL Side-Loading
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1584.008 - Network Devices
  • T1002 - Data Compressed
  • T1560.001 - Archive via Utility
  • T1562.012 - Disable or Modify Linux Audit System
  • T1097 - Pass the Ticket
  • T1668 - Exclusive Control
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1030 - Data Transfer Size Limits
  • T1157 - Dylib Hijacking
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Scattered Spider

Score: 0.68
Matched TTPs:
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1027 - Obfuscated Files or Information
  • T1027.002 - Software Packing
  • T1547.005 - Security Support Provider
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1565.002 - Transmitted Data Manipulation
  • T1597 - Search Closed Sources
  • T1583.001 - Domains
  • T1030 - Data Transfer Size Limits
  • T1157 - Dylib Hijacking
  • T1019 - System Firmware
  • T1197 - BITS Jobs
  • T1039 - Data from Network Shared Drive
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る