Trusted Design

Malware Bypasses Browser Application-Bound Encryption Protections

概要

A sophisticated 64-bit information-stealing malware named Remus has emerged as a direct evolution of the notorious Lumma Stealer. Following the doxxing of alleged Lumma core members between August and October 2025, developers created this advanced variant, with test builds appearing in September 2025 and live campaigns starting February 2026. Remus employs innovative techniques including injecting custom 51-byte shellcode into browser memory to extract protected master keys, bypassing Application-Bound Encryption in Chromium-based browsers. The malware utilizes EtherHiding through Ethereum smart contracts for command-and-control resolution, making infrastructure takedowns nearly impossible. It targets browser credentials, session cookies, and cryptocurrency wallets while implementing rigorous anti-analysis checks to evade security research environments.

Created: 2026-06-05

Indicators

Indicatorsは見つかっていない。

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 24.64
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1586.003 - Cloud Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1574.009 - Path Interception by Unquoted Path
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

APT29

Score: 29.78
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Turla

Score: 24.97
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

APT32

Score: 29.23
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 6.11
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 10.72
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 10.49
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

MuddyWater

Score: 19.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

Earth Lusca

Score: 19.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 12.74
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Silence

Score: 11.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Contagious Interview

Score: 34.97
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1586.003 - Cloud Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 20.24
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 15.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Cobalt Group

Score: 22.54
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Higaisa

Score: 6.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
MITREへのリンク →

Kimsuky

Score: 46.66
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 16.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1552.008 - Chat Messages
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 3.84
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1601.001 - Patch System Image
MITREへのリンク →

Mustang Panda

Score: 29.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

Evilnum

Score: 8.34
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.009 - Safe Mode Boot
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 9.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
MITREへのリンク →

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services
MITREへのリンク →

APT41

Score: 27.16
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Scattered Spider

Score: 31.31
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Volt Typhoon

Score: 39.56
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1552.008 - Chat Messages
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT3

Score: 12.52
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 17.91
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Daggerfly

Score: 5.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
MITREへのリンク →

GALLIUM

Score: 10.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Dragonfly

Score: 14.95
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 18.48
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 6.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
MITREへのリンク →

APT5

Score: 12.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 13.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 19.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1678 - Delay Execution
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Wizard Spider

Score: 18.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 11.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

Storm-0501

Score: 21.51
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Sandworm Team

Score: 34.53
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Leviathan

Score: 14.29
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Gamaredon Group

Score: 26.64
Matched TTPs:
  • T1527 - Application Access Token
  • T1562.009 - Safe Mode Boot
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1090 - Proxy
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Darkhotel

Score: 6.81
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
MITREへのリンク →

OilRig

Score: 22.07
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1592.002 - Software
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 12.28
Matched TTPs:
  • T1180 - Screensaver
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT38

Score: 26.43
Matched TTPs:
  • T1180 - Screensaver
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

BRONZE BUTLER

Score: 6.66
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

TeamTNT

Score: 17.62
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITREへのリンク →

Aquatic Panda

Score: 8.08
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Chimera

Score: 10.42
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

admin@338

Score: 5.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT1

Score: 7.25
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

UNC3886

Score: 12.40
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Magic Hound

Score: 25.06
Matched TTPs:
  • T1586.003 - Cloud Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

BlackByte

Score: 19.48
Matched TTPs:
  • T1586.003 - Cloud Accounts
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
MITREへのリンク →

Storm-1811

Score: 11.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

HEXANE

Score: 9.51
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

APT42

Score: 4.89
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
MITREへのリンク →

TA2541

Score: 7.67
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITREへのリンク →

ZIRCONIUM

Score: 5.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Lazarus Group

Score: 25.91
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
MITREへのリンク →

Silent Librarian

Score: 8.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Sea Turtle

Score: 3.28
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

Moonstone Sleet

Score: 8.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

CURIUM

Score: 6.90
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1218.001 - Compiled HTML File
MITREへのリンク →

APT37

Score: 7.14
Matched TTPs:
  • T1684 - Social Engineering
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Velvet Ant

Score: 8.39
Matched TTPs:
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

RedCurl

Score: 9.25
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
MITREへのリンク →

LAPSUS$

Score: 10.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

BackdoorDiplomacy

Score: 3.50
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Deep Panda

Score: 7.80
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT39

Score: 9.19
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tropic Trooper

Score: 17.12
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITREへのリンク →

HAFNIUM

Score: 11.21
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1552.008 - Chat Messages
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Moses Staff

Score: 3.24
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Fox Kitten

Score: 12.69
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
MITREへのリンク →

Tonto Team

Score: 6.85
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Medusa Group

Score: 11.14
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Cinnamon Tempest

Score: 5.96
Matched TTPs:
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1027.004 - Compile After Delivery
MITREへのリンク →

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Salt Typhoon

Score: 6.59
Matched TTPs:
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Play

Score: 10.47
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Lotus Blossom

Score: 3.20
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT19

Score: 8.42
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

SideCopy

Score: 7.50
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
MITREへのリンク →

Stealth Falcon

Score: 3.81
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Naikon

Score: 3.37
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

INC Ransom

Score: 9.49
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 6.47
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

APT33

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

FIN8

Score: 8.85
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

TA551

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

LuminousMoth

Score: 3.44
Matched TTPs:
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Patchwork

Score: 6.60
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1003.007 - Proc Filesystem
  • T1546.013 - PowerShell Profile
  • T1665 - Hide Infrastructure
  • T1027.014 - Polymorphic Code
  • T1213.006 - Databases
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1656 - Impersonation
  • T1555.003 - Credentials from Web Browsers
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1027.004 - Compile After Delivery
  • T1506 - Web Session Cookie
  • T1609 - Container Administration Command
MITREへのリンク →

Volt Typhoon

Score: 0.59
Matched TTPs:
  • T1584.002 - DNS Server
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1665 - Hide Infrastructure
  • T1552.008 - Chat Messages
  • T1555.003 - Credentials from Web Browsers
  • T1560.003 - Archive via Custom Method
  • T1590.006 - Network Security Appliances
  • T1556.002 - Password Filter DLL
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1547.005 - Security Support Provider
  • T1686.003 - Windows Host Firewall
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る