Trusted Design

Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack

Summary

The intercom-client npm package, a widely used Node.js SDK with roughly 360,000 weekly downloads, was compromised at version 7.0.4 through a malicious GitHub account, and the poisoned release shipped credential-stealing malware. Two malicious files were added. setup.mjs runs from a preinstall hook and downloads an unverified Bun binary; router_runtime.js is an obfuscated 11.7 MB script that harvests Kubernetes, Vault and cloud credentials. Stolen data is encrypted and exfiltrated through the GitHub API.

The compromise resembles the recent attacks on the PyPI lightning package and the SAP CAP packages, and it shares technical patterns with TeamPCP-linked campaigns, including GitHub-based exfiltration and CI/CD targeting. The malicious release was published via the compromised GitHub account nhur, which created malicious workflows and triggered automated CI publishing. Developers and CI/CD environments that installed the affected version are impacted.

Created: 2026-05-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Scattered Spider

Score: 47.91
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1022 - Data Encrypted

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy

Turla

Score: 19.76
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

APT32

Score: 21.04
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1556 - Modify Authentication Process

Saint Bear

Score: 6.80
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits

FIN6

Score: 10.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process

Sidewinder

Score: 6.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy

MuddyWater

Score: 17.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Earth Lusca

Score: 13.67
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1027.004 - Compile After Delivery

Winter Vivern

Score: 8.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account

Silence

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 39.30
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1651 - Cloud Administration Command
  • T1556 - Modify Authentication Process

LazyScripter

Score: 6.24
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups

TA505

Score: 18.56
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

FIN7

Score: 10.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.001 - Disable or Modify Tools

Cobalt Group

Score: 12.00
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code

Higaisa

Score: 10.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

Kimsuky

Score: 57.85
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1053.002 - At

Indrik Spider

Score: 11.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

Leafminer

Score: 9.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot

Mustang Panda

Score: 30.91
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

Magic Hound

Score: 24.39
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1053.002 - At

HEXANE

Score: 10.95
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

APT29

Score: 26.63
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

Gamaredon Group

Score: 25.83
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1086 - PowerShell

TA2541

Score: 6.06
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources

Lotus Blossom

Score: 4.22
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances

FIN13

Score: 22.20
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft

HAFNIUM

Score: 4.22
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances

Volt Typhoon

Score: 29.91
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1071.005 - Publish/Subscribe Protocols
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure

FIN8

Score: 5.49
Matched TTPs:
  • T1099 - Timestomp
  • T1556 - Modify Authentication Process

Mustard Tempest

Score: 7.82
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1053.002 - At

APT41

Score: 20.26
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window

APT3

Score: 15.28
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account

Daggerfly

Score: 6.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage

GALLIUM

Score: 8.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Dragonfly

Score: 14.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery

Ke3chang

Score: 19.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1087.004 - Cloud Account

Agrius

Score: 6.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT5

Score: 10.06
Matched TTPs:
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1677 - Poisoned Pipeline Execution

menuPass

Score: 12.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances

Threat Group-3390

Score: 14.25
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1678 - Delay Execution

Wizard Spider

Score: 16.49
Matched TTPs:
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process

Ember Bear

Score: 19.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1003.003 - NTDS

Chimera

Score: 11.55
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

OilRig

Score: 19.71
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1566.001 - Spearphishing Attachment
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1556 - Modify Authentication Process

APT39

Score: 13.65
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1566.001 - Spearphishing Attachment
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

Tropic Trooper

Score: 14.47
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure

Storm-0501

Score: 17.78
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1158 - Hidden Files and Directories

Sandworm Team

Score: 31.78
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1075 - Pass the Hash

Sea Turtle

Score: 5.14
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups

Darkhotel

Score: 3.99
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances

Lazarus Group

Score: 41.06
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1086 - PowerShell
  • T1556 - Modify Authentication Process

ZIRCONIUM

Score: 9.82
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

RedCurl

Score: 14.29
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery

Stealth Falcon

Score: 5.97
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Inception

Score: 5.27
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1027.014 - Polymorphic Code

APT33

Score: 10.19
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process

APT28

Score: 10.07
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification

BRONZE BUTLER

Score: 9.18
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Leviathan

Score: 16.79
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code

Rocke

Score: 16.57
Matched TTPs:
  • T1180 - Screensaver
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1022 - Data Encrypted

APT38

Score: 26.96
Matched TTPs:
  • T1180 - Screensaver
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1493 - Transmitted Data Manipulation

TeamTNT

Score: 27.23
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1153 - Source
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1022 - Data Encrypted
  • T1665 - Hide Infrastructure

Aquatic Panda

Score: 4.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources

admin@338

Score: 3.99
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances

APT1

Score: 11.08
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1053.002 - At

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage

Patchwork

Score: 6.68
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1665 - Hide Infrastructure

Akira

Score: 8.86
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources

Storm-1811

Score: 9.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits

APT42

Score: 11.93
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1030 - Data Transfer Size Limits

Transparent Tribe

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command

Moonstone Sleet

Score: 5.27
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

CURIUM

Score: 5.78
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account

Medusa Group

Score: 14.55
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources

LAPSUS$

Score: 21.63
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1020 - Automated Exfiltration
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

ToddyCat

Score: 5.17
Matched TTPs:
  • T1009 - Binary Padding
  • T1665 - Hide Infrastructure

UNC3886

Score: 6.48
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Velvet Ant

Score: 6.54
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

BlackByte

Score: 11.71
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

Play

Score: 5.79
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources

APT19

Score: 4.22
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code

SideCopy

Score: 8.89
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
  • T1053.002 - At

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Fox Kitten

Score: 9.25
Matched TTPs:
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1656 - Impersonation

INC Ransom

Score: 7.94
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources

Cinnamon Tempest

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.004 - Compile After Delivery

Confucius

Score: 4.81
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1098.007 - Additional Local or Domain Groups
  • T1213.006 - Databases
  • T1590.006 - Network Security Appliances
  • T1003.003 - NTDS
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1027.014 - Polymorphic Code
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1546.013 - PowerShell Profile
  • T1053.002 - At
  • T1546.008 - Accessibility Features
  • T1656 - Impersonation
  • T1665 - Hide Infrastructure
  • T1609 - Container Administration Command
  • T1030 - Data Transfer Size Limits
  • T1003.007 - Proc Filesystem
  • T1552.003 - Shell History
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery

Scattered Spider

Score: 0.58
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1666 - Modify Cloud Resource Hierarchy
  • T1597 - Search Closed Sources
  • T1087.004 - Cloud Account
  • T1560.003 - Archive via Custom Method
  • T1022 - Data Encrypted
  • T1098.007 - Additional Local or Domain Groups
  • T1556.008 - Network Provider DLL
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1547.005 - Security Support Provider
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1590.006 - Network Security Appliances

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat actor graph