Trusted Design

Inside a Fake DHL Campaign Built to Steal Credentials

概要

A consumer-targeted credential theft operation uses DHL brand impersonation combined with a fake OTP verification mechanism to harvest passwords from victims. The attack employs an 11-step chain beginning with spoofed shipment notification emails, leading victims through a client-side generated OTP page that creates false trust, then directing them to a DHL-branded credential harvesting portal. The kit captures passwords alongside victim telemetry including IP address, device details, browser fingerprinting, and geolocation data. Exfiltration occurs through EmailJS, a legitimate client-side email service, sending stolen credentials to an attacker-controlled Tutamail address. The campaign concludes by redirecting victims to the legitimate DHL website to avoid suspicion, demonstrating how familiar workflows and brand trust can be weaponized without technical sophistication.

Created: 2026-04-29

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 21.27
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1218.012 - Verclsid
  • T1136.003 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 36.69
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sea Turtle

Score: 18.74
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
MITREへのリンク →

Inception

Score: 3.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.012 - Verclsid
MITREへのリンク →

Dark Caracal

Score: 4.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1547.008 - LSASS Driver
MITREへのリンク →

Transparent Tribe

Score: 5.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1115 - Clipboard Data
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 13.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT18

Score: 3.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
MITREへのリンク →

Leviathan

Score: 9.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 11.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT39

Score: 11.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1599 - Network Boundary Bridging
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Lazarus Group

Score: 18.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1009 - Binary Padding
  • T1677 - Poisoned Pipeline Execution
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.008 - LSASS Driver
MITREへのリンク →

Saint Bear

Score: 6.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 6.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 9.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
MITREへのリンク →

TA505

Score: 9.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Fox Kitten

Score: 15.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
MITREへのリンク →

Threat Group-3390

Score: 15.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
MITREへのリンク →

TA2541

Score: 11.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 26.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Storm-1811

Score: 14.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 9.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component
MITREへのリンク →

Tropic Trooper

Score: 9.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
MITREへのリンク →

Contagious Interview

Score: 17.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

menuPass

Score: 11.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
MITREへのリンク →

Moses Staff

Score: 5.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

TeamTNT

Score: 10.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 26.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1212 - Exploitation for Credential Access
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT32

Score: 25.07
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 14.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

Mustard Tempest

Score: 10.90
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Daggerfly

Score: 7.24
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

GALLIUM

Score: 10.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT29

Score: 34.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1036.004 - Masquerade Task or Service
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 15.66
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1134.001 - Token Impersonation/Theft
  • T1686.001 - Cloud Firewall
MITREへのリンク →

Dragonfly

Score: 22.11
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Ke3chang

Score: 13.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Agrius

Score: 7.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT41

Score: 33.47
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

APT5

Score: 13.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1677 - Poisoned Pipeline Execution
MITREへのリンク →

Wizard Spider

Score: 19.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ember Bear

Score: 10.84
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
MITREへのリンク →

Axiom

Score: 14.56
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
MITREへのリンク →

HEXANE

Score: 17.06
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1055.014 - VDSO Hijacking
  • T1212 - Exploitation for Credential Access
  • T1134 - Access Token Manipulation
MITREへのリンク →

Scattered Spider

Score: 41.15
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
MITREへのリンク →

Storm-0501

Score: 7.94
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Sandworm Team

Score: 19.45
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

ZIRCONIUM

Score: 9.35
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 12.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

CURIUM

Score: 11.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 3.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 21.71
Matched TTPs:
  • T1499.004 - Application or System Exploitation
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

HAFNIUM

Score: 8.95
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
MITREへのリンク →

LuminousMoth

Score: 10.21
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 20.13
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BRONZE BUTLER

Score: 5.86
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

Indrik Spider

Score: 13.47
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
MITREへのリンク →

Turla

Score: 24.51
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1212 - Exploitation for Credential Access
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Aquatic Panda

Score: 4.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
MITREへのリンク →

Chimera

Score: 8.64
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1212 - Exploitation for Credential Access
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Volt Typhoon

Score: 21.61
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1212 - Exploitation for Credential Access
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

admin@338

Score: 5.67
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1212 - Exploitation for Credential Access
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

LazyScripter

Score: 5.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Gamaredon Group

Score: 24.05
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

BlackByte

Score: 21.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

EXOTIC LILY

Score: 5.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 13.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1677 - Poisoned Pipeline Execution
  • T1599 - Network Boundary Bridging
MITREへのリンク →

Rocke

Score: 10.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
MITREへのリンク →

Medusa Group

Score: 15.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
MITREへのリンク →

ToddyCat

Score: 7.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Winter Vivern

Score: 6.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
MITREへのリンク →

INC Ransom

Score: 7.03
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

UNC3886

Score: 9.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Play

Score: 6.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

MuddyWater

Score: 10.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 7.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1498 - Network Denial of Service
MITREへのリンク →

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT38

Score: 20.46
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silence

Score: 5.43
Matched TTPs:
  • T1684 - Social Engineering
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Cobalt Group

Score: 5.91
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Velvet Ant

Score: 6.60
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
MITREへのリンク →

PLATINUM

Score: 4.55
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

LAPSUS$

Score: 12.92
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
MITREへのリンク →

Leafminer

Score: 6.08
Matched TTPs:
  • T1101 - Security Support Provider
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT3

Score: 6.19
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
MITREへのリンク →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
MITREへのリンク →

Confucius

Score: 3.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Tonto Team

Score: 5.25
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

FIN6

Score: 13.23
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN8

Score: 8.76
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Lotus Blossom

Score: 5.39
Matched TTPs:
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
MITREへのリンク →

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

Windshift

Score: 3.88
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1597 - Search Closed Sources
  • T1498 - Network Denial of Service
  • T1583.001 - Domains
  • T1566.002 - Spearphishing Link
  • T1027.002 - Software Packing
  • T1134 - Access Token Manipulation
  • T1547.005 - Security Support Provider
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
MITREへのリンク →

Kimsuky

Score: 0.62
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1656 - Impersonation
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1009 - Binary Padding
  • T1037 - Boot or Logon Initialization Scripts
  • T1684 - Social Engineering
  • T1041 - Exfiltration Over C2 Channel
  • T1197 - BITS Jobs
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1597 - Search Closed Sources
MITREへのリンク →

APT29

Score: 0.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
  • T1218.012 - Verclsid
  • T1177 - LSASS Driver
  • T1584.008 - Network Devices
  • T1683 - Generate Content
  • T1223 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
  • T1036.004 - Masquerade Task or Service
  • T1568 - Dynamic Resolution
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT41

Score: 0.57
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1037.001 - Logon Script (Windows)
  • T1134 - Access Token Manipulation
  • T1684 - Social Engineering
  • T1177 - LSASS Driver
  • T1584.008 - Network Devices
  • T1041 - Exfiltration Over C2 Channel
  • T1045 - Software Packing
  • T1574.002 - DLL Side-Loading
  • T1157 - Dylib Hijacking
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る