Trusted Design

OT-Focused Malware Highlights Emerging Risk to Water Infrastructure Systems

Summary

ZionSiphon is operational technology-focused malware targeting water treatment and desalination facilities in Israel. The sample demonstrates ICS awareness through industrial protocol interaction capabilities, including Modbus, with incomplete support for DNP3 and S7comm. It incorporates geographic and environmental validation controls designed to restrict execution to Israeli water infrastructure systems. The malware attempts persistence through registry autorun entries, privilege escalation, and removable media propagation. Its functionality includes network discovery of industrial devices, process manipulation targeting chlorine dosing and flow control, and configuration file modification. A critical validation flaw prevents successful execution, suggesting the analyzed sample represents incomplete development or testing. Embedded pro-Iran and anti-Israel messaging indicates politically motivated intent, though no specific threat actor attribution exists.

Created: 2026-04-28

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Contagious Interview

Score: 42.10
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1016 - System Network Configuration Discovery
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1565.002 - Transmitted Data Manipulation
  • T1651 - Cloud Administration Command
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Inception

Score: 5.14
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1218.012 - Verclsid

Dark Caracal

Score: 5.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Elderwood

Score: 4.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 12.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1591.003 - Identify Business Tempo
  • T1120 - Peripheral Device Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 4.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

APT28

Score: 37.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1553.004 - Install Root Certificate
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1588.003 - Code Signing Certificates
  • T1027.018 - Invisible Unicode

APT18

Score: 4.22
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1157 - Dylib Hijacking

Leviathan

Score: 18.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 14.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode

APT39

Score: 9.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Lazarus Group

Score: 35.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Saint Bear

Score: 6.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

APT33

Score: 11.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

BITTER

Score: 5.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive

TA505

Score: 11.59
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode

Higaisa

Score: 6.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1553.004 - Install Root Certificate

APT19

Score: 8.43
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 13.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 22.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

TA2541

Score: 12.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

Magic Hound

Score: 32.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Storm-1811

Score: 13.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 8.81
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1001.001 - Junk Data

Tropic Trooper

Score: 14.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive

menuPass

Score: 15.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

Moses Staff

Score: 11.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances

TeamTNT

Score: 19.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 30.98
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

APT32

Score: 35.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1092 - Communication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

Moonstone Sleet

Score: 27.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Mustard Tempest

Score: 10.84
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Daggerfly

Score: 13.14
Matched TTPs:
  • T1584.008 - Network Devices
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

GALLIUM

Score: 15.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

APT29

Score: 32.62
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN13

Score: 18.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft

Dragonfly

Score: 30.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Ke3chang

Score: 17.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Agrius

Score: 9.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

APT41

Score: 41.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1002 - Data Compressed
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)

APT5

Score: 13.87
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call

Wizard Spider

Score: 23.42
Matched TTPs:
  • T1584.008 - Network Devices
  • T1120 - Peripheral Device Discovery
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

Ember Bear

Score: 18.41
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS

Silent Librarian

Score: 13.17
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

Sea Turtle

Score: 18.90
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1059.013 - Container CLI/API

Mustang Panda

Score: 39.66
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

UNC3886

Score: 22.35
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe

LuminousMoth

Score: 15.46
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode

BlackTech

Score: 5.98
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.018 - Invisible Unicode

Axiom

Score: 11.79
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 17.68
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation

Kimsuky

Score: 51.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1553.004 - Install Root Certificate
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS

Indrik Spider

Score: 17.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation

Sandworm Team

Score: 35.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 17.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1498 - Network Denial of Service
  • T1556 - Modify Authentication Process

Play

Score: 11.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Aoqin Dragon

Score: 5.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness

RedCurl

Score: 10.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1591.003 - Identify Business Tempo
  • T1120 - Peripheral Device Discovery
  • T1051 - Shared Webroot
  • T1027.018 - Invisible Unicode

Turla

Score: 28.90
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1120 - Peripheral Device Discovery
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

FIN7

Score: 39.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1092 - Communication Through Removable Media
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1553.004 - Install Root Certificate
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode

Medusa Group

Score: 29.12
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1553.004 - Install Root Certificate
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation

Gamaredon Group

Score: 27.07
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1120 - Peripheral Device Discovery
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1092 - Communication Through Removable Media
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1553.004 - Install Root Certificate
  • T1027.018 - Invisible Unicode

BRONZE BUTLER

Score: 8.54
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Cinnamon Tempest

Score: 6.33
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking

FIN6

Score: 15.75
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Scattered Spider

Score: 35.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing

ZIRCONIUM

Score: 12.03
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 11.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking

CURIUM

Score: 15.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Patchwork

Score: 6.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

HAFNIUM

Score: 12.19
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation

BlackByte

Score: 26.02
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Rocke

Score: 11.98
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation

APT37

Score: 5.43
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI

APT38

Score: 26.93
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

MuddyWater

Score: 21.66
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode

APT3

Score: 15.52
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1553.004 - Install Root Certificate
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Storm-0501

Score: 7.94
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation

APT42

Score: 6.94
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

SideCopy

Score: 10.61
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft

FIN8

Score: 12.71
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

Aquatic Panda

Score: 5.59
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources

Winter Vivern

Score: 12.01
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Windshift

Score: 6.85
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

admin@338

Score: 4.41
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate

Volt Typhoon

Score: 30.52
Matched TTPs:
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading

Earth Lusca

Score: 19.87
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 5.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 11.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

BackdoorDiplomacy

Score: 4.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel

ToddyCat

Score: 12.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1553.004 - Install Root Certificate
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Volatile Cedar

Score: 9.96
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed

INC Ransom

Score: 8.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Silence

Score: 5.43
Matched TTPs:
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Cobalt Group

Score: 12.98
Matched TTPs:
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources

PLATINUM

Score: 6.32
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking

Deep Panda

Score: 8.99
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1553.004 - Install Root Certificate
  • T1134 - Access Token Manipulation

Tonto Team

Score: 3.86
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1039 - Data from Network Shared Drive

APT1

Score: 5.49
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

LAPSUS$

Score: 11.27
Matched TTPs:
  • T1019 - System Firmware
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1065 - Uncommonly Used Port

Leafminer

Score: 10.37
Matched TTPs:
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

Lotus Blossom

Score: 4.75
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation

Naikon

Score: 3.01
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation

Chimera

Score: 6.17
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI

Confucius

Score: 3.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode

Gorgon Group

Score: 4.20
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1553.004 - Install Root Certificate

DarkHydrus

Score: 6.53
Matched TTPs:
  • T1531 - Account Access Removal
  • T1553.004 - Install Root Certificate

Evilnum

Score: 4.29
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process

RTM

Score: 4.69
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1183 - Image File Execution Options Injection
  • T1009 - Binary Padding
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1051 - Shared Webroot
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens
  • T1690 - Prevent Command History Logging
  • T1003.003 - NTDS
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1553.004 - Install Root Certificate
  • T1120 - Peripheral Device Discovery
  • T1684 - Social Engineering
  • T1057 - Process Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1092 - Communication Through Removable Media
  • T1218.012 - Verclsid
  • T1197 - BITS Jobs
  • T1555.003 - Credentials from Web Browsers

Contagious Interview

Score: 0.58
Matched TTPs:
  • T1690 - Prevent Command History Logging
  • T1044 - File System Permissions Weakness
  • T1021.006 - Windows Remote Management
  • T1016 - System Network Configuration Discovery
  • T1556 - Modify Authentication Process
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1651 - Cloud Administration Command
  • T1183 - Image File Execution Options Injection
  • T1547.008 - LSASS Driver
  • T1027.018 - Invisible Unicode
  • T1491.002 - External Defacement
  • T1565.002 - Transmitted Data Manipulation
  • T1120 - Peripheral Device Discovery
  • T1606.002 - SAML Tokens

APT41

Score: 0.58
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1590.006 - Network Security Appliances
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
  • T1208 - Kerberoasting
  • T1002 - Data Compressed
  • T1573 - Encrypted Channel
  • T1120 - Peripheral Device Discovery
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

