Trusted Design

Operation Silent Rotor: Rust-Based Malware Targets Eurasian Unmanned Aviation Sector Ahead of Moscow Summit

概要

A sophisticated spear phishing campaign targets professionals in the Eurasian unmanned aviation sector, timed to coincide with the XIII Eurasian International Forum 'Unmanned Aviation 2026' in Moscow. The attack delivers malicious archives containing Rust-based executables disguised as legitimate documents from the Russian Aeronautical Information Center. The malware displays aviation-themed decoy documents in Russian while collecting system information including hostnames, volume serial numbers, network adapter details, and environment variables. Collected data is encrypted via XOR and exfiltrated to a C2 server over HTTPS. The malware subsequently downloads and executes a second-stage payload using AES-256 decryption. The campaign demonstrates targeted social engineering with realistic aviation order documents, translation certificates, and product summaries to compromise victims in Russia, Tajikistan, Central Asia, Middle East and Europe.

Created: 2026-06-05

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 23.03
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

APT29

Score: 40.18
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
MITREへのリンク →

Scattered Spider

Score: 44.29
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1022 - Data Encrypted
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

Turla

Score: 22.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

APT32

Score: 32.04
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

Saint Bear

Score: 11.34
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

FIN6

Score: 9.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

Sidewinder

Score: 8.59
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1601.001 - Patch System Image
MITREへのリンク →

MuddyWater

Score: 17.91
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

Earth Lusca

Score: 13.57
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 12.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
MITREへのリンク →

Silence

Score: 12.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Contagious Interview

Score: 35.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
MITREへのリンク →

LazyScripter

Score: 7.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 20.24
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 12.11
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Cobalt Group

Score: 11.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

Higaisa

Score: 8.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

Kimsuky

Score: 55.69
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 8.63
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 8.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1601.001 - Patch System Image
MITREへのリンク →

Mustang Panda

Score: 35.17
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 4.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 9.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
MITREへのリンク →

APT41

Score: 24.62
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Volt Typhoon

Score: 34.51
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT3

Score: 14.49
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

FIN13

Score: 17.91
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

GALLIUM

Score: 12.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

Dragonfly

Score: 13.82
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 18.12
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

Agrius

Score: 8.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
MITREへのリンク →

APT5

Score: 6.09
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 13.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 20.50
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

Wizard Spider

Score: 13.32
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

Ember Bear

Score: 11.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

Silent Librarian

Score: 14.48
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Lazarus Group

Score: 32.83
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
MITREへのリンク →

Sea Turtle

Score: 13.34
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

UNC3886

Score: 19.11
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1546.011 - Application Shimming
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery
MITREへのリンク →

LuminousMoth

Score: 8.56
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

BlackTech

Score: 3.15
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
MITREへのリンク →

RedCurl

Score: 12.53
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT1

Score: 10.53
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Chimera

Score: 15.68
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

Magic Hound

Score: 29.26
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Storm-0501

Score: 20.53
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Sandworm Team

Score: 39.72
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Leviathan

Score: 20.11
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
MITREへのリンク →

Gamaredon Group

Score: 22.82
Matched TTPs:
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

BRONZE BUTLER

Score: 14.35
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

TeamTNT

Score: 15.72
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1022 - Data Encrypted
  • T1665 - Hide Infrastructure
MITREへのリンク →

OilRig

Score: 12.45
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →

Aquatic Panda

Score: 6.18
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 5.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 14.36
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

HEXANE

Score: 12.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

APT42

Score: 6.02
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

TA2541

Score: 5.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

ZIRCONIUM

Score: 9.31
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

EXOTIC LILY

Score: 4.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
MITREへのリンク →

APT38

Score: 21.67
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

Moonstone Sleet

Score: 7.85
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

CURIUM

Score: 5.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
MITREへのリンク →

Medusa Group

Score: 15.38
Matched TTPs:
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

LAPSUS$

Score: 15.77
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

BackdoorDiplomacy

Score: 3.50
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Deep Panda

Score: 7.80
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT39

Score: 8.83
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tropic Trooper

Score: 15.22
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

HAFNIUM

Score: 11.90
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Moses Staff

Score: 3.24
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Fox Kitten

Score: 10.35
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
MITREへのリンク →

Tonto Team

Score: 6.85
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

BlackByte

Score: 13.48
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

TA551

Score: 7.13
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

Play

Score: 8.57
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
MITREへのリンク →

Lotus Blossom

Score: 3.20
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT19

Score: 6.08
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
MITREへのリンク →

Stealth Falcon

Score: 3.44
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

INC Ransom

Score: 9.49
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Velvet Ant

Score: 5.93
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

ToddyCat

Score: 4.57
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

Confucius

Score: 6.82
Matched TTPs:
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

Dark Caracal

Score: 3.44
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →

Rocke

Score: 10.38
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1022 - Data Encrypted
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT37

Score: 6.47
Matched TTPs:
  • T1078 - Valid Accounts
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Windshift

Score: 4.13
Matched TTPs:
  • T1078 - Valid Accounts
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

FIN8

Score: 4.20
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Patchwork

Score: 4.70
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT18

Score: 3.84
Matched TTPs:
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1087.004 - Cloud Account
  • T1555.003 - Credentials from Web Browsers
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
  • T1213.006 - Databases
  • T1590.006 - Network Security Appliances
  • T1003.007 - Proc Filesystem
  • T1601.001 - Patch System Image
  • T1608.005 - Link Target
  • T1098.007 - Additional Local or Domain Groups
  • T1546.008 - Accessibility Features
  • T1546.011 - Application Shimming
  • T1546.013 - PowerShell Profile
  • T1131 - Authentication Package
  • T1665 - Hide Infrastructure
  • T1609 - Container Administration Command
  • T1656 - Impersonation
MITREへのリンク →

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1609 - Container Administration Command
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1030 - Data Transfer Size Limits
  • T1098.007 - Additional Local or Domain Groups
  • T1560.003 - Archive via Custom Method
  • T1547.005 - Security Support Provider
  • T1022 - Data Encrypted
  • T1556.008 - Network Provider DLL
  • T1027 - Obfuscated Files or Information
  • T1666 - Modify Cloud Resource Hierarchy
  • T1087.004 - Cloud Account
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る