Trusted Design

Espionage Campaign Targeted Stock Exchange Executive for Five Months

概要

Unknown attackers conducted a five-month espionage campaign against a senior executive at a major global stock exchange, systematically stealing the victim's Outlook mailbox in incremental batches. The attackers demonstrated sophisticated operational discipline by using legitimate cloud services like Dropbox and OneDrive Personal for exfiltration and command-and-control infrastructure. They employed an Aspose-based mailbox stealer to extract OST files in date-range windows, beginning with historical emails from August 2025 and continuing with regular two-to-four-week intervals through February 2026. The intrusion maintained persistence through masquerading binaries and scheduled tasks themed around legitimate Adobe and Lenovo services. By extracting mailbox data incrementally and routing traffic through trusted cloud platforms, the attackers avoided detection while building a comprehensive intelligence picture of the executive's communications and organizational activities.

Created: 2026-06-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 14.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
MITREへのリンク →

menuPass

Score: 14.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

Wizard Spider

Score: 18.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT33

Score: 9.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

Fox Kitten

Score: 16.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

Volt Typhoon

Score: 37.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT1

Score: 11.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

Mustang Panda

Score: 36.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1053.007 - Container Orchestration Job
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

Play

Score: 8.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Chimera

Score: 14.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

Sea Turtle

Score: 13.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1218 - System Binary Proxy Execution
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT39

Score: 9.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 20.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

APT5

Score: 6.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

Agrius

Score: 6.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

GALLIUM

Score: 9.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

APT41

Score: 18.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1562.004 - Disable or Modify System Firewall
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1591.004 - Identify Roles
MITREへのリンク →

MuddyWater

Score: 20.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
MITREへのリンク →

APT28

Score: 27.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1585 - Establish Accounts
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Turla

Score: 30.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BRONZE BUTLER

Score: 19.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

UNC3886

Score: 25.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1546.011 - Application Shimming
  • T1218 - System Binary Proxy Execution
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Kimsuky

Score: 54.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1109 - Component Firmware
  • T1053.007 - Container Orchestration Job
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT3

Score: 12.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1591.004 - Identify Roles
MITREへのリンク →

FIN8

Score: 14.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ke3chang

Score: 19.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

Lotus Blossom

Score: 9.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1109 - Component Firmware
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 19.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1591.004 - Identify Roles
MITREへのリンク →

Earth Lusca

Score: 17.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Magic Hound

Score: 33.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

Aquatic Panda

Score: 11.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

INC Ransom

Score: 12.04
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 9.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT29

Score: 37.34
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Scattered Spider

Score: 33.31
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1109 - Component Firmware
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

LuminousMoth

Score: 3.03
Matched TTPs:
  • T1109 - Component Firmware
MITREへのリンク →

Sandworm Team

Score: 38.39
Matched TTPs:
  • T1109 - Component Firmware
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Evilnum

Score: 3.03
Matched TTPs:
  • T1109 - Component Firmware
MITREへのリンク →

Star Blizzard

Score: 10.92
Matched TTPs:
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
MITREへのリンク →

APT42

Score: 7.30
Matched TTPs:
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL
MITREへのリンク →

HEXANE

Score: 17.16
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
MITREへのリンク →

Gamaredon Group

Score: 24.55
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

TA2541

Score: 10.82
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services
MITREへのリンク →

Daggerfly

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel
MITREへのリンク →

Dragonfly

Score: 21.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Threat Group-3390

Score: 17.70
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1591.004 - Identify Roles
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

Ember Bear

Score: 15.34
Matched TTPs:
  • T1584.008 - Network Devices
  • T1562.004 - Disable or Modify System Firewall
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

Winter Vivern

Score: 17.60
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
  • T1591.004 - Identify Roles
MITREへのリンク →

Storm-0501

Score: 14.86
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Leviathan

Score: 12.37
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1554 - Compromise Host Software Binary
MITREへのリンク →

TA505

Score: 18.46
Matched TTPs:
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

TeamTNT

Score: 18.82
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 10.14
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

OilRig

Score: 27.59
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 5.21
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

PROMETHIUM

Score: 6.51
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Patchwork

Score: 9.50
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

Storm-1811

Score: 9.35
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1591.004 - Identify Roles
MITREへのリンク →

Contagious Interview

Score: 29.42
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT32

Score: 28.29
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

LazyScripter

Score: 6.35
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

ZIRCONIUM

Score: 6.82
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

RedEcho

Score: 6.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Lazarus Group

Score: 25.21
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
MITREへのリンク →

Silent Librarian

Score: 8.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

FIN7

Score: 24.98
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT38

Score: 19.76
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1591.004 - Identify Roles
MITREへのリンク →

Moonstone Sleet

Score: 6.79
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

CURIUM

Score: 5.14
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Medusa Group

Score: 18.19
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

LAPSUS$

Score: 13.83
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Salt Typhoon

Score: 5.09
Matched TTPs:
  • T1009 - Binary Padding
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Velvet Ant

Score: 13.68
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BlackByte

Score: 11.57
Matched TTPs:
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Silence

Score: 7.96
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

Cobalt Group

Score: 13.03
Matched TTPs:
  • T1598.004 - Spearphishing Voice
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
MITREへのリンク →

Leafminer

Score: 8.92
Matched TTPs:
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Stealth Falcon

Score: 5.96
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

FIN6

Score: 12.45
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT19

Score: 4.20
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1601.001 - Patch System Image
MITREへのリンク →

Saint Bear

Score: 7.10
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

APT37

Score: 5.64
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Windigo

Score: 5.09
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1159 - Launch Agent
MITREへのリンク →

Sidewinder

Score: 7.90
Matched TTPs:
  • T1090 - Proxy
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
MITREへのリンク →

Tropic Trooper

Score: 21.10
Matched TTPs:
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

Confucius

Score: 4.85
Matched TTPs:
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
MITREへのリンク →

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

SideCopy

Score: 6.88
Matched TTPs:
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
MITREへのリンク →

Machete

Score: 3.30
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Cinnamon Tempest

Score: 3.30
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

FIN10

Score: 3.62
Matched TTPs:
  • T1591.004 - Identify Roles
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Higaisa

Score: 3.79
Matched TTPs:
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT18

Score: 4.80
Matched TTPs:
  • T1591.004 - Identify Roles
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1665 - Hide Infrastructure
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1656 - Impersonation
  • T1213.006 - Databases
  • T1560.001 - Archive via Utility
  • T1601.001 - Patch System Image
  • T1546.008 - Accessibility Features
  • T1597 - Search Closed Sources
  • T1131 - Authentication Package
  • T1591.004 - Identify Roles
  • T1546.011 - Application Shimming
  • T1003.007 - Proc Filesystem
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1053.007 - Container Orchestration Job
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る