Trusted Design

Sandworm to Blacken: The SCADA Connection

Summary

On October 14th, a report was publicly released regarding the Sandworm team. After beginning an investigation into the affiliated malware samples and domains, we quickly came to the realization that this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform’s CIMPLICITY HMI solution suite. We have observed this team utilizing .cim and .bcl files as attack vectors; both file types are used by the CIMPLICITY software. As further proof that the malware targets CIMPLICITY, it drops files into the CIMPLICITY installation directory using the %CIMPATH% environment variable on the victim machines.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Turla

Score: 6.63
Matched TTPs:
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens

Kimsuky

Score: 16.53
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1537 - Transfer Data to Cloud Account
  • T1053.002 - At

Mustang Panda

Score: 20.73
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.001 - Local Account
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation

Mustard Tempest

Score: 9.80
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

FIN13

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

Moonstone Sleet

Score: 8.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

Lazarus Group

Score: 13.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1174 - Password Filter DLL
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver

Contagious Interview

Score: 8.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

OilRig

Score: 14.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver

UNC3886

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

Sandworm Team

Score: 13.24
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

APT29

Score: 16.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

Play

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Aoqin Dragon

Score: 4.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1537 - Transfer Data to Cloud Account

RedCurl

Score: 4.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1128 - Netsh Helper DLL

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Ke3chang

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

TeamTNT

Score: 7.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1537 - Transfer Data to Cloud Account

FIN7

Score: 7.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups

TA2541

Score: 11.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

Earth Lusca

Score: 4.96
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups

LazyScripter

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Gamaredon Group

Score: 10.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.013 - Container CLI/API
  • T1546.017 - Udev Rules

Star Blizzard

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Threat Group-3390

Score: 10.17
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

SideCopy

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

TA505

Score: 5.54
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1537 - Transfer Data to Cloud Account

BlackByte

Score: 3.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

BITTER

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

APT32

Score: 10.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1592.004 - Client Configurations
  • T1174 - Password Filter DLL

HEXANE

Score: 3.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups

Saint Bear

Score: 4.03
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account

EXOTIC LILY

Score: 6.01
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

APT42

Score: 6.24
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL

Ember Bear

Score: 5.31
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information

Rocke

Score: 7.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API
  • T1537 - Transfer Data to Cloud Account

Volt Typhoon

Score: 5.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation

APT28

Score: 9.46
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation
  • T1566.003 - Spearphishing via Service

Magic Hound

Score: 8.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver
  • T1053.002 - At

Medusa Group

Score: 13.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 6.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1059.013 - Container CLI/API

Storm-0501

Score: 3.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1537 - Transfer Data to Cloud Account

Fox Kitten

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

menuPass

Score: 8.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1174 - Password Filter DLL
  • T1548.006 - TCC Manipulation

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 6.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1001.001 - Junk Data

GALLIUM

Score: 6.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account

Leviathan

Score: 6.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1546.017 - Udev Rules

Dragonfly

Score: 5.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation

Axiom

Score: 6.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1160 - Launch Daemon

APT41

Score: 5.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation

HAFNIUM

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

MuddyWater

Score: 5.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API

APT39

Score: 3.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1537 - Transfer Data to Cloud Account

Storm-1811

Score: 4.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

APT1

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At

Scattered Spider

Score: 3.86
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1548.006 - TCC Manipulation

Transparent Tribe

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At

ZIRCONIUM

Score: 3.57
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1537 - Transfer Data to Cloud Account

RedEcho

Score: 4.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL

APT38

Score: 6.86
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account

CURIUM

Score: 4.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 3.84
Matched TTPs:
  • T1592.004 - Client Configurations

APT33

Score: 4.13
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository

Wizard Spider

Score: 6.47
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository
  • T1548.006 - TCC Manipulation

Daggerfly

Score: 3.29
Matched TTPs:
  • T1174 - Password Filter DLL

Velvet Ant

Score: 6.88
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

FIN6

Score: 7.61
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver

Dark Caracal

Score: 4.58
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

PLATINUM

Score: 4.54
Matched TTPs:
  • T1686 - Disable or Modify System Firewall

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Higaisa

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

Mustang Panda

Score: 0.79
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.007 - Container Orchestration Job
  • T1055.005 - Thread Local Storage
  • T1136.001 - Local Account
  • T1606.002 - SAML Tokens
  • T1548.006 - TCC Manipulation
  • T1098.007 - Additional Local or Domain Groups

APT29

Score: 0.64
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1555.004 - Windows Credential Manager
  • T1547.008 - LSASS Driver
  • T1606.002 - SAML Tokens
  • T1592.004 - Client Configurations
  • T1140 - Deobfuscate/Decode Files or Information

Kimsuky

Score: 0.63
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1053.007 - Container Orchestration Job
  • T1537 - Transfer Data to Cloud Account
  • T1053.002 - At
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1140 - Deobfuscate/Decode Files or Information

Sandworm Team

Score: 0.60
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1606.002 - SAML Tokens
  • T1548.006 - TCC Manipulation
  • T1098.007 - Additional Local or Domain Groups
  • T1140 - Deobfuscate/Decode Files or Information

OilRig

Score: 0.60
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1547.008 - LSASS Driver
  • T1606.002 - SAML Tokens
  • T1128 - Netsh Helper DLL
  • T1098.007 - Additional Local or Domain Groups

Lazarus Group

Score: 0.57
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1174 - Password Filter DLL
  • T1547.008 - LSASS Driver
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups

Medusa Group

Score: 0.56
Matched TTPs:
  • T1094 - Custom Command and Control Protocol
  • T1537 - Transfer Data to Cloud Account
  • T1128 - Netsh Helper DLL
  • T1548.006 - TCC Manipulation
  • T1140 - Deobfuscate/Decode Files or Information

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
