Pulse Detail-

Technical Analysis of MLTBackdoor

概要

In May 2026, a new malware family named MLTBackdoor was identified, likely leveraged by ransomware-related threat actors to establish footholds for lateral movement. Delivered through multi-stage ClickFix infection chains targeting automotive-related web pages, this backdoor employs sophisticated obfuscation techniques including Mixed Boolean-Arithmetic and Control Flow Flattening. MLTBackdoor features indirect system calls, API hashing, and extensive anti-analysis checks that detect debuggers and sandboxed environments. Its capabilities include filesystem operations and a powerful Beacon Object File loader that dynamically expands functionality. The malware uses custom encrypted binary protocols over TLS with Elliptic-Curve Diffie-Hellman key exchange for command-and-control communications. Additionally, it implements a deterministic date-based Domain Generation Algorithm to maintain persistence when hardcoded C2 domains become unreachable, demonstrating advanced resilience against takedown attempts.

Created: 2026-06-10

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 13.72

Matched TTPs:

T1560.001 - Archive via Utility
T1099 - Timestomp
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1055.008 - Ptrace System Calls

MITREへのリンク →

menuPass

Score: 13.89

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1527 - Application Access Token
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1622 - Debugger Evasion

MITREへのリンク →

Wizard Spider

Score: 21.55

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1684 - Social Engineering
T1590.006 - Network Security Appliances
T1083 - File and Directory Discovery
T1597 - Search Closed Sources
T1556.009 - Conditional Access Policies
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

APT33

Score: 6.86

Matched TTPs:

T1560.001 - Archive via Utility
T1051 - Shared Webroot
T1556 - Modify Authentication Process

MITREへのリンク →

Fox Kitten

Score: 14.25

Matched TTPs:

T1560.001 - Archive via Utility
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1051 - Shared Webroot
T1656 - Impersonation
T1622 - Debugger Evasion

MITREへのリンク →

Volt Typhoon

Score: 40.06

Matched TTPs:

T1560.001 - Archive via Utility
T1099 - Timestomp
T1560.003 - Archive via Custom Method
T1686.003 - Windows Host Firewall
T1003.007 - Proc Filesystem
T1556.002 - Password Filter DLL
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1083 - File and Directory Discovery
T1584.002 - DNS Server
T1065 - Uncommonly Used Port
T1159 - Launch Agent
T1622 - Debugger Evasion

MITREへのリンク →

APT1

Score: 7.23

Matched TTPs:

T1560.001 - Archive via Utility
T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1622 - Debugger Evasion

MITREへのリンク →

Mustang Panda

Score: 30.04

Matched TTPs:

T1560.001 - Archive via Utility
T1546.013 - PowerShell Profile
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1169 - Sudo
T1136.003 - Cloud Account
T1565.002 - Transmitted Data Manipulation
T1159 - Launch Agent
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

Play

Score: 8.30

Matched TTPs:

T1560.001 - Archive via Utility
T1590.006 - Network Security Appliances
T1597 - Search Closed Sources
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

Chimera

Score: 7.23

Matched TTPs:

T1560.001 - Archive via Utility
T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1622 - Debugger Evasion

MITREへのリンク →

Sea Turtle

Score: 3.36

Matched TTPs:

T1560.001 - Archive via Utility
T1555.003 - Credentials from Web Browsers

MITREへのリンク →

APT39

Score: 10.09

Matched TTPs:

T1560.001 - Archive via Utility
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1027.004 - Compile After Delivery
T1622 - Debugger Evasion

MITREへのリンク →

RedCurl

Score: 10.08

Matched TTPs:

T1560.001 - Archive via Utility
T1016.002 - Wi-Fi Discovery
T1051 - Shared Webroot
T1027.004 - Compile After Delivery

MITREへのリンク →

APT5

Score: 10.06

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1684 - Social Engineering
T1555.003 - Credentials from Web Browsers
T1622 - Debugger Evasion

MITREへのリンク →

Agrius

Score: 9.40

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1555.003 - Credentials from Web Browsers
T1597 - Search Closed Sources
T1622 - Debugger Evasion

MITREへのリンク →

GALLIUM

Score: 10.17

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances

MITREへのリンク →

APT41

Score: 27.63

Matched TTPs:

T1560.001 - Archive via Utility
T1560.003 - Archive via Custom Method
T1584.008 - Network Devices
T1684 - Social Engineering
T1562.004 - Disable or Modify System Firewall
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1574.009 - Path Interception by Unquoted Path
T1622 - Debugger Evasion

MITREへのリンク →

MuddyWater

Score: 23.33

Matched TTPs:

T1560.001 - Archive via Utility
T1546.013 - PowerShell Profile
T1518.002 - Backup Software Discovery
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1051 - Shared Webroot
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery
T1159 - Launch Agent

MITREへのリンク →

APT28

Score: 30.24

Matched TTPs:

T1560.001 - Archive via Utility
T1222.002 - Linux and Mac Permissions
T1139 - Bash History
T1131 - Authentication Package
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1608.005 - Link Target
T1574.009 - Path Interception by Unquoted Path
T1055.008 - Ptrace System Calls

MITREへのリンク →

Turla

Score: 25.82

Matched TTPs:

T1560.001 - Archive via Utility
T1546.013 - PowerShell Profile
T1099 - Timestomp
T1003.007 - Proc Filesystem
T1684 - Social Engineering
T1131 - Authentication Package
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery
T1556.009 - Conditional Access Policies

MITREへのリンク →

BRONZE BUTLER

Score: 14.85

Matched TTPs:

T1560.001 - Archive via Utility
T1003.007 - Proc Filesystem
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery
T1159 - Launch Agent
T1591.001 - Determine Physical Locations

MITREへのリンク →

UNC3886

Score: 16.34

Matched TTPs:

T1560.001 - Archive via Utility
T1556.002 - Password Filter DLL
T1009 - Binary Padding
T1021.006 - Windows Remote Management
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Kimsuky

Score: 51.70

Matched TTPs:

T1560.001 - Archive via Utility
T1546.013 - PowerShell Profile
T1109 - Component Firmware
T1213.006 - Databases
T1003.007 - Proc Filesystem
T1684 - Social Engineering
T1009 - Binary Padding
T1131 - Authentication Package
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1546.008 - Accessibility Features
T1609 - Container Administration Command
T1051 - Shared Webroot
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027.014 - Polymorphic Code
T1027.004 - Compile After Delivery
T1656 - Impersonation
T1565.002 - Transmitted Data Manipulation
T1622 - Debugger Evasion

MITREへのリンク →

APT3

Score: 16.55

Matched TTPs:

T1560.001 - Archive via Utility
T1560.003 - Archive via Custom Method
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1051 - Shared Webroot
T1622 - Debugger Evasion

MITREへのリンク →

FIN8

Score: 11.07

Matched TTPs:

T1560.001 - Archive via Utility
T1099 - Timestomp
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Ke3chang

Score: 12.72

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1198 - SIP and Trust Provider Hijacking

MITREへのリンク →

Lotus Blossom

Score: 8.84

Matched TTPs:

T1560.001 - Archive via Utility
T1109 - Component Firmware
T1099 - Timestomp
T1590.006 - Network Security Appliances

MITREへのリンク →

FIN13

Score: 24.68

Matched TTPs:

T1560.001 - Archive via Utility
T1099 - Timestomp
T1560.003 - Archive via Custom Method
T1584.008 - Network Devices
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1051 - Shared Webroot
T1134.001 - Token Impersonation/Theft
T1622 - Debugger Evasion

MITREへのリンク →

Earth Lusca

Score: 14.50

Matched TTPs:

T1560.001 - Archive via Utility
T1546.013 - PowerShell Profile
T1003.007 - Proc Filesystem
T1562.004 - Disable or Modify System Firewall
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1027.004 - Compile After Delivery

MITREへのリンク →

Magic Hound

Score: 26.86

Matched TTPs:

T1560.001 - Archive via Utility
T1099 - Timestomp
T1016.002 - Wi-Fi Discovery
T1547.005 - Security Support Provider
T1009 - Binary Padding
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Aquatic Panda

Score: 10.15

Matched TTPs:

T1560.001 - Archive via Utility
T1003.007 - Proc Filesystem
T1562.004 - Disable or Modify System Firewall
T1597 - Search Closed Sources
T1622 - Debugger Evasion

MITREへのリンク →

INC Ransom

Score: 11.00

Matched TTPs:

T1560.001 - Archive via Utility
T1083 - File and Directory Discovery
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Akira

Score: 11.92

Matched TTPs:

T1560.001 - Archive via Utility
T1137.005 - Outlook Rules
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

ToddyCat

Score: 3.93

Matched TTPs:

T1560.001 - Archive via Utility
T1009 - Binary Padding

MITREへのリンク →

APT29

Score: 37.13

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1099 - Timestomp
T1584.008 - Network Devices
T1202 - Indirect Command Execution
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1568 - Dynamic Resolution
T1608.005 - Link Target
T1556.008 - Network Provider DLL
T1027.004 - Compile After Delivery

MITREへのリンク →

Scattered Spider

Score: 41.13

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1109 - Component Firmware
T1560.003 - Archive via Custom Method
T1685.004 - Disable or Modify Linux Audit System Log
T1547.005 - Security Support Provider
T1590.006 - Network Security Appliances
T1609 - Container Administration Command
T1083 - File and Directory Discovery
T1051 - Shared Webroot
T1556.008 - Network Provider DLL
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1565.002 - Transmitted Data Manipulation
T1622 - Debugger Evasion

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy

MITREへのリンク →

APT32

Score: 21.39

Matched TTPs:

T1546.013 - PowerShell Profile
T1684 - Social Engineering
T1547.005 - Security Support Provider
T1131 - Authentication Package
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1027.014 - Polymorphic Code
T1556 - Modify Authentication Process

MITREへのリンク →

Saint Bear

Score: 9.63

Matched TTPs:

T1546.013 - PowerShell Profile
T1064 - Scripting
T1608.005 - Link Target
T1597 - Search Closed Sources

MITREへのリンク →

FIN6

Score: 8.16

Matched TTPs:

T1546.013 - PowerShell Profile
T1597 - Search Closed Sources
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Sidewinder

Score: 6.19

Matched TTPs:

T1546.013 - PowerShell Profile
T1590.006 - Network Security Appliances
T1159 - Launch Agent

MITREへのリンク →

Winter Vivern

Score: 4.57

Matched TTPs:

T1546.013 - PowerShell Profile
T1562.004 - Disable or Modify System Firewall

MITREへのリンク →

Silence

Score: 8.83

Matched TTPs:

T1546.013 - PowerShell Profile
T1684 - Social Engineering
T1547.011 - Plist Modification
T1622 - Debugger Evasion

MITREへのリンク →

Contagious Interview

Score: 35.97

Matched TTPs:

T1546.013 - PowerShell Profile
T1547.005 - Security Support Provider
T1131 - Authentication Package
T1021.006 - Windows Remote Management
T1016 - System Network Configuration Discovery
T1064 - Scripting
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery
T1656 - Impersonation
T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1546.013 - PowerShell Profile
T1608.005 - Link Target

MITREへのリンク →

TA505

Score: 19.39

Matched TTPs:

T1546.013 - PowerShell Profile
T1560.003 - Archive via Custom Method
T1527 - Application Access Token
T1016.002 - Wi-Fi Discovery
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN7

Score: 16.86

Matched TTPs:

T1546.013 - PowerShell Profile
T1009 - Binary Padding
T1608.005 - Link Target
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1065 - Uncommonly Used Port
T1622 - Debugger Evasion

MITREへのリンク →

Cobalt Group

Score: 20.42

Matched TTPs:

T1546.013 - PowerShell Profile
T1684 - Social Engineering
T1518.002 - Backup Software Discovery
T1598.004 - Spearphishing Voice
T1027.014 - Polymorphic Code
T1573 - Encrypted Channel
T1622 - Debugger Evasion

MITREへのリンク →

Higaisa

Score: 3.44

Matched TTPs:

T1546.013 - PowerShell Profile
T1590.006 - Network Security Appliances

MITREへのリンク →

Indrik Spider

Score: 12.80

Matched TTPs:

T1546.013 - PowerShell Profile
T1003.007 - Proc Filesystem
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Leafminer

Score: 9.03

Matched TTPs:

T1546.013 - PowerShell Profile
T1101 - Security Support Provider
T1051 - Shared Webroot

MITREへのリンク →

TA578

Score: 3.99

Matched TTPs:

T1546.013 - PowerShell Profile
T1608.005 - Link Target

MITREへのリンク →

Evilnum

Score: 7.94

Matched TTPs:

T1546.013 - PowerShell Profile
T1109 - Component Firmware
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Star Blizzard

Score: 11.37

Matched TTPs:

T1546.013 - PowerShell Profile
T1109 - Component Firmware
T1547.005 - Security Support Provider
T1609 - Container Administration Command

MITREへのリンク →

LuminousMoth

Score: 6.47

Matched TTPs:

T1109 - Component Firmware
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

Sandworm Team

Score: 32.64

Matched TTPs:

T1109 - Component Firmware
T1484.002 - Trust Modification
T1686.003 - Windows Host Firewall
T1016.002 - Wi-Fi Discovery
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1546.008 - Accessibility Features
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1075 - Pass the Hash

MITREへのリンク →

APT42

Score: 4.50

Matched TTPs:

T1109 - Component Firmware
T1590.006 - Network Security Appliances

MITREへのリンク →

HEXANE

Score: 15.16

Matched TTPs:

T1099 - Timestomp
T1547.005 - Security Support Provider
T1590.006 - Network Security Appliances
T1065 - Uncommonly Used Port
T1159 - Launch Agent
T1622 - Debugger Evasion

MITREへのリンク →

Gamaredon Group

Score: 21.53

Matched TTPs:

T1099 - Timestomp
T1527 - Application Access Token
T1684 - Social Engineering
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1597 - Search Closed Sources
T1061 - Graphical User Interface

MITREへのリンク →

TA2541

Score: 9.01

Matched TTPs:

T1099 - Timestomp
T1684 - Social Engineering
T1608.005 - Link Target
T1597 - Search Closed Sources

MITREへのリンク →

Daggerfly

Score: 9.37

Matched TTPs:

T1584.008 - Network Devices
T1530 - Data from Cloud Storage
T1573 - Encrypted Channel

MITREへのリンク →

Dragonfly

Score: 17.68

Matched TTPs:

T1584.008 - Network Devices
T1009 - Binary Padding
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1573 - Encrypted Channel
T1027.004 - Compile After Delivery
T1622 - Debugger Evasion

MITREへのリンク →

Threat Group-3390

Score: 20.58

Matched TTPs:

T1584.008 - Network Devices
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1678 - Delay Execution
T1573 - Encrypted Channel
T1574.009 - Path Interception by Unquoted Path
T1591.001 - Determine Physical Locations

MITREへのリンク →

Ember Bear

Score: 14.71

Matched TTPs:

T1584.008 - Network Devices
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1656 - Impersonation

MITREへのリンク →

Medusa Group

Score: 17.91

Matched TTPs:

T1036.008 - Masquerade File Type
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Storm-0501

Score: 15.99

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1686.003 - Windows Host Firewall
T1027 - Obfuscated Files or Information
T1027.014 - Polymorphic Code
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Leviathan

Score: 17.02

Matched TTPs:

T1484.002 - Trust Modification
T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers
T1554 - Compromise Host Software Binary
T1027.014 - Polymorphic Code
T1622 - Debugger Evasion

MITREへのリンク →

TeamTNT

Score: 13.25

Matched TTPs:

T1003.007 - Proc Filesystem
T1009 - Binary Padding
T1562.004 - Disable or Modify System Firewall
T1590.006 - Network Security Appliances
T1051 - Shared Webroot
T1597 - Search Closed Sources

MITREへのリンク →

OilRig

Score: 18.64

Matched TTPs:

T1003.007 - Proc Filesystem
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1051 - Shared Webroot
T1556.009 - Conditional Access Policies
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

admin@338

Score: 3.99

Matched TTPs:

T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances

MITREへのリンク →

PROMETHIUM

Score: 3.84

Matched TTPs:

T1530 - Data from Cloud Storage

MITREへのリンク →

Patchwork

Score: 5.49

Matched TTPs:

T1530 - Data from Cloud Storage
T1622 - Debugger Evasion

MITREへのリンク →

APT38

Score: 19.78

Matched TTPs:

T1684 - Social Engineering
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1590 - Gather Victim Network Information
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1493 - Transmitted Data Manipulation

MITREへのリンク →

APT37

Score: 4.80

Matched TTPs:

T1684 - Social Engineering
T1027.004 - Compile After Delivery

MITREへのリンク →

Velvet Ant

Score: 6.60

Matched TTPs:

T1684 - Social Engineering
T1009 - Binary Padding
T1597 - Search Closed Sources

MITREへのリンク →

BlackByte

Score: 17.95

Matched TTPs:

T1684 - Social Engineering
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1134.001 - Token Impersonation/Theft
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

LAPSUS$

Score: 13.83

Matched TTPs:

T1547.005 - Security Support Provider
T1609 - Container Administration Command
T1556.008 - Network Provider DLL
T1065 - Uncommonly Used Port

MITREへのリンク →

Salt Typhoon

Score: 5.09

Matched TTPs:

T1009 - Binary Padding
T1556 - Modify Authentication Process

MITREへのリンク →

Rocke

Score: 6.48

Matched TTPs:

T1009 - Binary Padding
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Moses Staff

Score: 5.58

Matched TTPs:

T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances

MITREへのリンク →

Lazarus Group

Score: 23.43

Matched TTPs:

T1009 - Binary Padding
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1069.001 - Local Groups
T1597 - Search Closed Sources
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

SilverTerrier

Score: 3.29

Matched TTPs:

T1131 - Authentication Package

MITREへのリンク →

Volatile Cedar

Score: 4.36

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1555.003 - Credentials from Web Browsers

MITREへのリンク →

Deep Panda

Score: 7.80

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1027.014 - Polymorphic Code

MITREへのリンク →

Tropic Trooper

Score: 10.11

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1136.003 - Cloud Account
T1159 - Launch Agent

MITREへのリンク →

Tonto Team

Score: 6.85

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1027.004 - Compile After Delivery

MITREへのリンク →

APT19

Score: 4.22

Matched TTPs:

T1590.006 - Network Security Appliances
T1027.014 - Polymorphic Code

MITREへのリンク →

SideCopy

Score: 8.35

Matched TTPs:

T1590.006 - Network Security Appliances
T1584.002 - DNS Server
T1159 - Launch Agent

MITREへのリンク →

Stealth Falcon

Score: 5.09

Matched TTPs:

T1590.006 - Network Security Appliances
T1556.009 - Conditional Access Policies

MITREへのリンク →

Moonstone Sleet

Score: 6.74

Matched TTPs:

T1590.006 - Network Security Appliances
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel

MITREへのリンク →

Darkhotel

Score: 5.31

Matched TTPs:

T1590.006 - Network Security Appliances
T1064 - Scripting

MITREへのリンク →

ZIRCONIUM

Score: 5.82

Matched TTPs:

T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1027.004 - Compile After Delivery

MITREへのリンク →

Axiom

Score: 4.93

Matched TTPs:

T1177 - LSASS Driver
T1622 - Debugger Evasion

MITREへのリンク →

Silent Librarian

Score: 7.28

Matched TTPs:

T1546.008 - Accessibility Features
T1609 - Container Administration Command

MITREへのリンク →

APT12

Score: 4.54

Matched TTPs:

T1055.002 - Portable Executable Injection

MITREへのリンク →

APT17

Score: 5.45

Matched TTPs:

T1608.005 - Link Target
T1656 - Impersonation

MITREへのリンク →

Storm-1811

Score: 9.81

Matched TTPs:

T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Blue Mockingbird

Score: 8.93

Matched TTPs:

T1027.014 - Polymorphic Code
T1622 - Debugger Evasion
T1001.001 - Junk Data

MITREへのリンク →

Inception

Score: 5.49

Matched TTPs:

T1027.014 - Polymorphic Code
T1159 - Launch Agent

MITREへのリンク →

Thrip

Score: 5.67

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

APT18

Score: 3.84

Matched TTPs:

T1591.001 - Determine Physical Locations

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70

Matched TTPs:

T1546.013 - PowerShell Profile
T1546.008 - Accessibility Features
T1597 - Search Closed Sources
T1109 - Component Firmware
T1560.001 - Archive via Utility
T1131 - Authentication Package
T1027.014 - Polymorphic Code
T1009 - Binary Padding
T1590.006 - Network Security Appliances
T1622 - Debugger Evasion
T1003.007 - Proc Filesystem
T1213.006 - Databases
T1051 - Shared Webroot
T1565.002 - Transmitted Data Manipulation
T1555.003 - Credentials from Web Browsers
T1608.005 - Link Target
T1027.004 - Compile After Delivery
T1656 - Impersonation
T1609 - Container Administration Command
T1684 - Social Engineering

MITREへのリンク →

Scattered Spider

Score: 0.56

Matched TTPs:

T1622 - Debugger Evasion
T1027 - Obfuscated Files or Information
T1666 - Modify Cloud Resource Hierarchy
T1556.008 - Network Provider DLL
T1083 - File and Directory Discovery
T1051 - Shared Webroot
T1565.002 - Transmitted Data Manipulation
T1597 - Search Closed Sources
T1109 - Component Firmware
T1547.005 - Security Support Provider
T1685.004 - Disable or Modify Linux Audit System Log
T1560.003 - Archive via Custom Method
T1590.006 - Network Security Appliances
T1609 - Container Administration Command

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Technical Analysis of MLTBackdoor

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ