Trusted Design

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

概要

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Created: 2026-05-12

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 17.64
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

APT29

Score: 32.56
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
MITREへのリンク →

Turla

Score: 25.30
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.009 - Conditional Access Policies
  • T1569.002 - Service Execution
MITREへのリンク →

APT32

Score: 22.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 3.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 10.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 6.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
MITREへのリンク →

MuddyWater

Score: 23.21
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Earth Lusca

Score: 15.40
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 8.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
MITREへのリンク →

Silence

Score: 10.56
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Contagious Interview

Score: 40.11
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 6.24
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

TA505

Score: 17.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN7

Score: 10.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Cobalt Group

Score: 16.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Higaisa

Score: 13.70
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure
  • T1569.002 - Service Execution
MITREへのリンク →

Kimsuky

Score: 53.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 13.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 9.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
MITREへのリンク →

Mustang Panda

Score: 31.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

Evilnum

Score: 4.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services
MITREへのリンク →

Daggerfly

Score: 6.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
MITREへのリンク →

GALLIUM

Score: 10.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

FIN13

Score: 18.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1569.002 - Service Execution
MITREへのリンク →

Dragonfly

Score: 12.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 20.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

Agrius

Score: 6.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 21.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

APT5

Score: 4.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 13.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 14.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Wizard Spider

Score: 20.11
Matched TTPs:
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 19.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1003.003 - NTDS
MITREへのリンク →

Chimera

Score: 17.82
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1574 - Hijack Execution Flow
  • T1665 - Hide Infrastructure
MITREへのリンク →

OilRig

Score: 22.32
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1048 - Exfiltration Over Alternative Protocol
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT39

Score: 16.58
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1599 - Network Boundary Bridging
  • T1027.004 - Compile After Delivery
  • T1569.002 - Service Execution
MITREへのリンク →

Tropic Trooper

Score: 16.20
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

Scattered Spider

Score: 36.65
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1557.002 - ARP Cache Poisoning
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Storm-0501

Score: 15.99
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Sandworm Team

Score: 35.85
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
MITREへのリンク →

Sea Turtle

Score: 9.27
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1218 - System Binary Proxy Execution
MITREへのリンク →

Darkhotel

Score: 3.99
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Lazarus Group

Score: 35.62
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1569.002 - Service Execution
  • T1556 - Modify Authentication Process
MITREへのリンク →

ZIRCONIUM

Score: 9.82
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Volt Typhoon

Score: 28.54
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
  • T1569.002 - Service Execution
MITREへのリンク →

RedCurl

Score: 14.29
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Stealth Falcon

Score: 9.59
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Inception

Score: 5.27
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT33

Score: 10.19
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

BRONZE BUTLER

Score: 9.18
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Leviathan

Score: 16.79
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Gamaredon Group

Score: 18.95
Matched TTPs:
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

TeamTNT

Score: 22.78
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1153 - Source
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

Aquatic Panda

Score: 4.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 5.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT1

Score: 9.53
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage
MITREへのリンク →

Patchwork

Score: 6.68
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1665 - Hide Infrastructure
MITREへのリンク →

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 15.17
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

HEXANE

Score: 9.94
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT42

Score: 9.12
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1599 - Network Boundary Bridging
MITREへのリンク →

TA2541

Score: 3.31
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

EXOTIC LILY

Score: 7.65
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
MITREへのリンク →

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Magic Hound

Score: 20.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT38

Score: 28.98
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.005 - Visual Basic
MITREへのリンク →

Moonstone Sleet

Score: 7.61
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

CURIUM

Score: 5.78
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
MITREへのリンク →

UNC3886

Score: 12.40
Matched TTPs:
  • T1218 - System Binary Proxy Execution
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Medusa Group

Score: 12.03
Matched TTPs:
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

LAPSUS$

Score: 14.35
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1557.002 - ARP Cache Poisoning
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT3

Score: 13.73
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
MITREへのリンク →

Salt Typhoon

Score: 6.59
Matched TTPs:
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Play

Score: 6.71
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

BlackByte

Score: 11.71
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Lotus Blossom

Score: 6.13
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1569.002 - Service Execution
MITREへのリンク →

APT19

Score: 4.22
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
MITREへのリンク →

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
MITREへのリンク →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Fox Kitten

Score: 9.25
Matched TTPs:
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1656 - Impersonation
MITREへのリンク →

INC Ransom

Score: 9.49
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Velvet Ant

Score: 8.86
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
MITREへのリンク →

ToddyCat

Score: 4.57
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

LuminousMoth

Score: 5.41
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Confucius

Score: 4.81
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

Dark Caracal

Score: 3.44
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →

Rocke

Score: 6.54
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

FIN8

Score: 5.09
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1597 - Search Closed Sources
  • T1131 - Authentication Package
  • T1656 - Impersonation
  • T1051 - Shared Webroot
  • T1003.003 - NTDS
  • T1213.006 - Databases
  • T1087.004 - Cloud Account
  • T1027.014 - Polymorphic Code
  • T1546.013 - PowerShell Profile
  • T1690 - Prevent Command History Logging
  • T1665 - Hide Infrastructure
  • T1003.007 - Proc Filesystem
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る