Trusted Design

Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam's Military Telecom & Philippine Healthcare

Summary

A sophisticated spear phishing campaign dubbed Operation GriefLure targeted senior executives of Viettel Group, Vietnam's largest military-owned telecommunications provider, and St. Luke's Medical Center in the Philippines. The operation weaponized authentic legal documents from a genuine data breach dispute involving a Vietnamese citizen and Viettel, alongside fabricated whistleblower complaints targeting Philippine healthcare administrators. Attackers delivered malicious Windows LNK files within nested RAR archives, abusing native ftp.exe as a Living-off-the-Land dropper. Upon execution, the payload assembled polymorphic implants directly on disk from chunked .doc files, establishing persistence while displaying legitimate decoy PDFs. The malware enabled remote access through process injection, credential harvesting from browsers and remote access tools, screenshot capture, and file exfiltration via HTTPS C2 communication to infrastructure hosted on bulletproof Hong Kong servers.

Created: 2026-06-06

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 14.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1487 - Disk Structure Wipe
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1056 - Input Capture
  • T1556.005 - Reversible Encryption

menuPass

Score: 19.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1487 - Disk Structure Wipe
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification

Wizard Spider

Score: 18.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1056 - Input Capture
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

APT33

Score: 9.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Fox Kitten

Score: 9.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image

Volt Typhoon

Score: 36.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1083 - File and Directory Discovery
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure

APT1

Score: 13.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Mustang Panda

Score: 35.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1487 - Disk Structure Wipe
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1056 - Input Capture
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode

Play

Score: 8.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image

Chimera

Score: 22.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1574 - Hijack Execution Flow
  • T1056 - Input Capture
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure

Sea Turtle

Score: 7.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1556.005 - Reversible Encryption

APT39

Score: 13.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1599 - Network Boundary Bridging
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

RedCurl

Score: 25.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1487 - Disk Structure Wipe
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
  • T1055.009 - Proc Memory
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

APT5

Score: 7.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1106 - Native API

Agrius

Score: 10.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1487 - Disk Structure Wipe
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources

GALLIUM

Score: 6.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification

APT41

Score: 27.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1106 - Native API
  • T1562.004 - Disable or Modify System Firewall
  • T1177 - LSASS Driver
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
  • T1556.005 - Reversible Encryption

MuddyWater

Score: 22.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

APT28

Score: 27.55
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1487 - Disk Structure Wipe
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Turla

Score: 28.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1056 - Input Capture
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

BRONZE BUTLER

Score: 22.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations

UNC3886

Score: 24.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1689 - Downgrade Attack
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery

Kimsuky

Score: 61.55
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1056 - Input Capture
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure

APT3

Score: 11.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1027.018 - Invisible Unicode

FIN8

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Ke3chang

Score: 17.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1556.005 - Reversible Encryption

Lotus Blossom

Score: 7.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1109 - Component Firmware
  • T1099 - Timestomp

FIN13

Score: 19.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1556.005 - Reversible Encryption

Earth Lusca

Score: 17.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1056 - Input Capture
  • T1027.004 - Compile After Delivery
  • T1027.018 - Invisible Unicode

Magic Hound

Score: 41.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Aquatic Panda

Score: 13.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1106 - Native API
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

INC Ransom

Score: 13.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1055.009 - Proc Memory

Akira

Score: 12.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1056 - Input Capture

ToddyCat

Score: 8.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1056 - Input Capture
  • T1665 - Hide Infrastructure

APT32

Score: 33.96
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Scattered Spider

Score: 39.17
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1109 - Component Firmware
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1056 - Input Capture
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window

FIN4

Score: 6.68
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Saint Bear

Score: 9.67
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

FIN6

Score: 7.82
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1487 - Disk Structure Wipe
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

Sidewinder

Score: 14.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1487 - Disk Structure Wipe
  • T1090 - Proxy
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

TA577

Score: 3.33
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1027.018 - Invisible Unicode

Winter Vivern

Score: 19.57
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1487 - Disk Structure Wipe
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1090 - Proxy
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Silence

Score: 12.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image

Contagious Interview

Score: 32.09
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1056 - Input Capture
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 10.91
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode

TA505

Score: 22.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

FIN7

Score: 21.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1056 - Input Capture
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 13.67
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Higaisa

Score: 5.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 15.46
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1056 - Input Capture

Molerats

Score: 3.33
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1027.018 - Invisible Unicode

Leafminer

Score: 10.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image

TA578

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Evilnum

Score: 6.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 11.74
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection

LuminousMoth

Score: 11.03
Matched TTPs:
  • T1109 - Component Firmware
  • T1056 - Input Capture
  • T1574.009 - Path Interception by Unquoted Path
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 43.27
Matched TTPs:
  • T1109 - Component Firmware
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1016.002 - Wi-Fi Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

APT42

Score: 11.87
Matched TTPs:
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1599 - Network Boundary Bridging
  • T1556.005 - Reversible Encryption

HEXANE

Score: 22.25
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1056 - Input Capture
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT29

Score: 36.44
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 24.20
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1487 - Disk Structure Wipe
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

TA2541

Score: 9.43
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

Daggerfly

Score: 5.14
Matched TTPs:
  • T1584.008 - Network Devices
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Dragonfly

Score: 19.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1654 - Log Enumeration
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery

Threat Group-3390

Score: 16.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1487 - Disk Structure Wipe
  • T1098.007 - Additional Local or Domain Groups
  • T1056 - Input Capture
  • T1574.009 - Path Interception by Unquoted Path
  • T1556.005 - Reversible Encryption
  • T1591.001 - Determine Physical Locations

Ember Bear

Score: 18.29
Matched TTPs:
  • T1584.008 - Network Devices
  • T1487 - Disk Structure Wipe
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1056 - Input Capture

Storm-0501

Score: 23.46
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1056 - Input Capture
  • T1055.009 - Proc Memory
  • T1158 - Hidden Files and Directories

Leviathan

Score: 20.49
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1056 - Input Capture
  • T1027.018 - Invisible Unicode

FIN5

Score: 4.93
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1547.011 - Plist Modification

Confucius

Score: 11.59
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1608.005 - Link Target
  • T1056 - Input Capture
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure

OilRig

Score: 23.80
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1048 - Exfiltration Over Alternative Protocol
  • T1592.002 - Software
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Patchwork

Score: 8.24
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure

Tropic Trooper

Score: 16.37
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1090 - Proxy
  • T1136.003 - Cloud Account
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure

TeamTNT

Score: 22.54
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure

Medusa Group

Score: 18.88
Matched TTPs:
  • T1106 - Native API
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1056 - Input Capture
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption

Lazarus Group

Score: 33.35
Matched TTPs:
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure

Storm-1811

Score: 14.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

ZIRCONIUM

Score: 14.87
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1056 - Input Capture
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode

RedEcho

Score: 5.10
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

EXOTIC LILY

Score: 7.69
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1027.018 - Invisible Unicode

Silent Librarian

Score: 10.17
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1546.008 - Accessibility Features

APT38

Score: 23.06
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 13.30
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption

CURIUM

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Windshift

Score: 11.61
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1078 - Valid Accounts
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

TA551

Score: 10.51
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption

LAPSUS$

Score: 16.76
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1556.008 - Network Provider DLL
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window

Rocke

Score: 10.06
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

Velvet Ant

Score: 6.54
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

BlackByte

Score: 11.80
Matched TTPs:
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

SilverTerrier

Score: 4.47
Matched TTPs:
  • T1131 - Authentication Package
  • T1556.005 - Reversible Encryption

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection

POLONIUM

Score: 4.02
Matched TTPs:
  • T1608.005 - Link Target
  • T1056 - Input Capture

Dark Caracal

Score: 4.63
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1556.005 - Reversible Encryption

WIRTE

Score: 6.33
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

APT37

Score: 7.66
Matched TTPs:
  • T1078 - Valid Accounts
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

Inception

Score: 6.68
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent

APT19

Score: 5.80
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption

Cinnamon Tempest

Score: 4.35
Matched TTPs:
  • T1056 - Input Capture
  • T1027.004 - Compile After Delivery

SideCopy

Score: 6.88
Matched TTPs:
  • T1584.002 - DNS Server
  • T1159 - Launch Agent

Machete

Score: 3.70
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1027.018 - Invisible Unicode

APT18

Score: 5.03
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1591.001 - Determine Physical Locations

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1654 - Log Enumeration
  • T1003.007 - Proc Filesystem
  • T1134.002 - Create Process with Token
  • T1601.001 - Patch System Image
  • T1213.006 - Databases
  • T1027.018 - Invisible Unicode
  • T1608.005 - Link Target
  • T1546.013 - PowerShell Profile
  • T1546.008 - Accessibility Features
  • T1183 - Image File Execution Options Injection
  • T1027.014 - Polymorphic Code
  • T1051 - Shared Webroot
  • T1560.001 - Archive via Utility
  • T1027.004 - Compile After Delivery
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption
  • T1131 - Authentication Package
  • T1056 - Input Capture
  • T1109 - Component Firmware
  • T1197 - BITS Jobs
  • T1665 - Hide Infrastructure
  • T1546.011 - Application Shimming

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

