Trusted Design

Discovering Recent PlugX Campaigns Programmatically

Overview

One of the hardest things to do when you are receiving malware that has “anonymized” (e.g. name-is-hash) names, or general samples that lack any indication of the infection vector, is to determine the origin of the file and its intended target. Even harder is when you do not receive telemetry data from products that contain information about infected machines. To that end, I have been working on automating ways to help ASERT better understand the context around samples so we can answer questions about what may have been targeted, why it was targeted and when it was targeted. This post will use the PlugX malware as an example (PlugX is well known and has had its various iterations analyzed many times), due in part to its ongoing activity, and will focus on leveraging metadata from VirusTotal because it is publicly accessible.
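The automation the summary describes comes down to pulling a handful of VirusTotal metadata fields per sample and aggregating them: the non-hash filenames VT has seen (the lure), the first submission date (the when) and the submitter geography (a weak proxy for the target). The script below is an added example, not code from the ASERT post or from VirusTotal. It assumes the API v3 field names shown in its comments (`names`, `first_submission_date`, and `country`/`interface` on the submissions relationship, which to my knowledge is not available on the free API tier), and the hashes, lure names, dates and countries in its two dictionaries are constructed sample data rather than PlugX telemetry; no network call is made.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# VirusTotal often only knows a file by a hash-style name (name-is-hash).
HEX_NAME = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")

S1, S2, S3 = "a1" * 32, "b2" * 32, "c3" * 32  # invented SHA-256 values

# Constructed responses in the shape of VT API v3 objects (field names assumed):
#   GET /api/v3/files/{sha256}              -> FILES[sha256]
#   GET /api/v3/files/{sha256}/submissions  -> SUBMISSIONS[sha256]
# Names, dates and countries are made up for illustration, not PlugX telemetry.
FILES = {
    S1: {"data": {"attributes": {
        "names": [S1, "Invitation_Letter.exe", "Invitation_Letter.exe"],
        "first_submission_date": 1717200000,  # 2024-06-01T00:00:00Z
        "times_submitted": 3}}},
    S2: {"data": {"attributes": {
        "names": [S2],                         # only ever seen under its hash
        "first_submission_date": 1717459200,  # 2024-06-04
        "times_submitted": 2}}},
    S3: {"data": {"attributes": {
        "names": ["Visa_Application.docx.exe", S3],
        "first_submission_date": 1719878400,  # 2024-07-02
        "times_submitted": 3}}},
}
SUBMISSIONS = {
    S1: {"data": [{"attributes": {"date": 1717200000, "country": "VN", "interface": "web"}},
                  {"attributes": {"date": 1717250000, "country": "VN", "interface": "web"}},
                  {"attributes": {"date": 1717300000, "country": "US", "interface": "api"}}]},
    S2: {"data": [{"attributes": {"date": 1717459200, "country": "VN", "interface": "web"}},
                  {"attributes": {"date": 1717500000, "country": "MM", "interface": "web"}}]},
    S3: {"data": [{"attributes": {"date": 1719878400, "country": "PH", "interface": "web"}},
                  {"attributes": {"date": 1719900000, "country": "US", "interface": "api"}},
                  {"attributes": {"date": 1719950000, "country": "US", "interface": "api"}}]},
}


def is_hash_name(name):
    """True for MD5/SHA-1/SHA-256-looking filenames, which carry no lure information."""
    return bool(HEX_NAME.match(name))


def original_names(file_obj):
    """Names VT has seen for the file, minus hash-style ones, deduplicated in order."""
    seen, out = set(), []
    for name in file_obj["data"]["attributes"].get("names", []):
        if not is_hash_name(name) and name not in seen:
            seen.add(name)
            out.append(name)
    return out


def summarize(sha256, file_obj, submissions, interfaces=("web",)):
    """Collapse one file object plus its submissions into the what/why/when fields.

    Only submissions made through the given interfaces count for geography:
    'api' submissions are dominated by vendor and sandbox feeds (assumption),
    so they say little about where the sample was actually encountered.
    """
    attrs = file_obj["data"]["attributes"]
    first = datetime.fromtimestamp(attrs["first_submission_date"], tz=timezone.utc)
    countries = Counter(
        s["attributes"].get("country", "??")
        for s in submissions["data"]
        if s["attributes"].get("interface") in interfaces
    )
    return {"sha256": sha256, "first_seen": first.strftime("%Y-%m-%d"),
            "names": original_names(file_obj), "countries": countries}


def campaign_view(summaries):
    """Bucket samples by first-seen month, pooling lure names and submitter countries."""
    by_month = {}
    for s in summaries:
        bucket = by_month.setdefault(s["first_seen"][:7],
                                     {"samples": [], "names": set(), "countries": Counter()})
        bucket["samples"].append(s["sha256"])
        bucket["names"].update(s["names"])
        bucket["countries"].update(s["countries"])
    return by_month


def likely_targets(bucket, min_share=0.5):
    """Countries accounting for at least min_share of the bucket's counted submissions."""
    total = sum(bucket["countries"].values()) or 1
    return [c for c, n in bucket["countries"].most_common() if n / total >= min_share]


def build_summaries():
    return [summarize(h, FILES[h], SUBMISSIONS[h]) for h in FILES]


if __name__ == "__main__":
    for month, bucket in sorted(campaign_view(build_summaries()).items()):
        print(month, len(bucket["samples"]), "samples; lures:", sorted(bucket["names"]),
              "; likely targets:", likely_targets(bucket))
```

Treat every field as a hint rather than evidence: a filename can be assigned by whoever uploaded the sample (including another vendor), and a submitter country says where someone had the file, not necessarily who was infected. The month bucketing is what turns a pile of name-is-hash samples into something that can be read as a campaign, but it should be corroborated against the decoy document and C2 infrastructure of the samples themselves.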

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Inception

Score: 5.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

Dark Caracal

Score: 7.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

Elderwood

Score: 3.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1537 - Transfer Data to Cloud Account

Darkhotel

Score: 13.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot

APT28

Score: 19.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1567.004 - Exfiltration Over Webhook
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1546.007 - Netsh Helper DLL

Leviathan

Score: 6.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules

Sidewinder

Score: 11.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1487 - Disk Structure Wipe
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot

APT39

Score: 7.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account

Lazarus Group

Score: 26.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1567.004 - Exfiltration Over Webhook
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Saint Bear

Score: 5.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account

APT33

Score: 7.59
Matched TTPs:
  • T1491.002 - External Defacement
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process

BITTER

Score: 6.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1199 - Trusted Relationship

TA505

Score: 11.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1560.003 - Archive via Custom Method
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account

Higaisa

Score: 12.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules

APT19

Score: 4.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship

Fox Kitten

Score: 8.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1491 - Defacement
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware

Threat Group-3390

Score: 13.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

TA2541

Score: 14.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

Malteiro

Score: 5.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1506 - Web Session Cookie

Magic Hound

Score: 19.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1187 - Forced Authentication
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver

Storm-1811

Score: 10.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver

Tropic Trooper

Score: 12.81
Matched TTPs:
  • T1491.002 - External Defacement
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

Mofang

Score: 4.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.017 - Udev Rules

Contagious Interview

Score: 22.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

menuPass

Score: 7.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship

TeamTNT

Score: 14.43
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

OilRig

Score: 23.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.009 - Safe Mode Boot
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

APT32

Score: 18.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1567.004 - Exfiltration Over Webhook
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1668 - Exclusive Control
  • T1556 - Modify Authentication Process

Moonstone Sleet

Score: 10.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1547.008 - LSASS Driver

APT41

Score: 12.33
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1668 - Exclusive Control

Scattered Spider

Score: 8.72
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1491 - Defacement
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 22.41
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1491 - Defacement
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot

APT3

Score: 11.78
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1578.002 - Create Cloud Instance
  • T1537 - Transfer Data to Cloud Account

FIN13

Score: 11.84
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control

Evilnum

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot

Gamaredon Group

Score: 27.75
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1546.017 - Udev Rules

Ember Bear

Score: 7.33
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1562.001 - Disable or Modify Tools
  • T1668 - Exclusive Control

RedCurl

Score: 6.23
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1219.001 - IDE Tunneling
  • T1128 - Netsh Helper DLL

APT1

Score: 9.82
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control

Ke3chang

Score: 9.94
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

FIN5

Score: 3.04
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1199 - Trusted Relationship

HAFNIUM

Score: 5.00
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services

Agrius

Score: 3.75
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT

Winter Vivern

Score: 7.15
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware

Confucius

Score: 3.49
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1219.001 - IDE Tunneling

FIN6

Score: 13.15
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Patchwork

Score: 8.29
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

Chimera

Score: 19.75
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1567.004 - Exfiltration Over Webhook
  • T1491 - Defacement
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1578.001 - Create Snapshot

Mustang Panda

Score: 22.86
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1567.004 - Exfiltration Over Webhook
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

BRONZE BUTLER

Score: 8.83
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1578.001 - Create Snapshot

Turla

Score: 12.25
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot

Aquatic Panda

Score: 10.11
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1668 - Exclusive Control

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services

Kimsuky

Score: 29.65
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1567.004 - Exfiltration Over Webhook
  • T1683.001 - Written Content
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1668 - Exclusive Control

Earth Lusca

Score: 8.43
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

admin@338

Score: 3.82
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling

WIRTE

Score: 4.81
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools

APT38

Score: 19.75
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1567.004 - Exfiltration Over Webhook
  • T1491 - Defacement
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1059.005 - Visual Basic

Molerats

Score: 6.24
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1546.017 - Udev Rules

ZIRCONIUM

Score: 8.31
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot

MuddyWater

Score: 10.75
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie

FIN7

Score: 12.99
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1578.001 - Create Snapshot

BlackByte

Score: 5.44
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie

Rocke

Score: 15.80
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1567.004 - Exfiltration Over Webhook
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

Sandworm Team

Score: 11.93
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1187 - Forced Authentication

LuminousMoth

Score: 4.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship

SideCopy

Score: 3.87
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie

HEXANE

Score: 4.34
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 4.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1547.008 - LSASS Driver

APT42

Score: 7.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

APT5

Score: 5.56
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services

UNC3886

Score: 14.38
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1578.001 - Create Snapshot

APT29

Score: 12.71
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

Medusa Group

Score: 10.36
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

Dragonfly

Score: 5.77
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1578.002 - Create Cloud Instance

Velvet Ant

Score: 6.44
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL

Aoqin Dragon

Score: 4.20
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account

ToddyCat

Score: 7.24
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver

Play

Score: 5.56
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

APT-C-36

Score: 5.34
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools

Wizard Spider

Score: 10.34
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1668 - Exclusive Control
  • T1556 - Modify Authentication Process

Naikon

Score: 3.99
Matched TTPs:
  • T1588.001 - Malware
  • T1506 - Web Session Cookie

Storm-0501

Score: 7.57
Matched TTPs:
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

Windshift

Score: 5.94
Matched TTPs:
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver

Andariel

Score: 5.36
Matched TTPs:
  • T1583.006 - Web Services
  • T1187 - Forced Authentication

DarkVishnya

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools

FIN8

Score: 8.24
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556 - Modify Authentication Process

GALLIUM

Score: 5.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1668 - Exclusive Control

Sea Turtle

Score: 4.47
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.013 - Container CLI/API

Cobalt Group

Score: 5.49
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

Silence

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools

Salt Typhoon

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

RedEcho

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL

The White Company

Score: 6.54
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

CURIUM

Score: 5.12
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.77
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1003.007 - Proc Filesystem
  • T1668 - Exclusive Control
  • T1683.001 - Written Content
  • T1567.004 - Exfiltration Over Webhook
  • T1537 - Transfer Data to Cloud Account
  • T1583.006 - Web Services
  • T1588.001 - Malware
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities

Gamaredon Group

Score: 0.72
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1562.009 - Safe Mode Boot
  • T1487 - Disk Structure Wipe
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules
  • T1059.013 - Container CLI/API
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities

Lazarus Group

Score: 0.72
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
  • T1491.002 - External Defacement
  • T1567.004 - Exfiltration Over Webhook
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1588.001 - Malware
  • T1547.008 - LSASS Driver
  • T1059.010 - AutoHotKey & AutoIT
  • T1578.001 - Create Snapshot
  • T1219.001 - IDE Tunneling
  • T1055.005 - Thread Local Storage

OilRig

Score: 0.64
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
  • T1003.007 - Proc Filesystem
  • T1562.009 - Safe Mode Boot
  • T1487 - Disk Structure Wipe
  • T1583.006 - Web Services
  • T1547.008 - LSASS Driver
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1491.002 - External Defacement
  • T1128 - Netsh Helper DLL

Mustang Panda

Score: 0.61
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
  • T1567.004 - Exfiltration Over Webhook
  • T1487 - Disk Structure Wipe
  • T1583.006 - Web Services
  • T1055.005 - Thread Local Storage
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities

Contagious Interview

Score: 0.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
  • T1021.006 - Windows Remote Management
  • T1491.002 - External Defacement
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1547.008 - LSASS Driver
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling

Volt Typhoon

Score: 0.59
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1003.007 - Proc Filesystem
  • T1537 - Transfer Data to Cloud Account
  • T1562.009 - Safe Mode Boot
  • T1583.006 - Web Services
  • T1560.003 - Archive via Custom Method
  • T1491 - Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1578.001 - Create Snapshot
  • T1219.001 - IDE Tunneling

APT28

Score: 0.55
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1546.007 - Netsh Helper DLL
  • T1668 - Exclusive Control
  • T1491.002 - External Defacement
  • T1567.004 - Exfiltration Over Webhook
  • T1487 - Disk Structure Wipe
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

