Pulse Detail-

Tracing Pony’s Threat Cycle and Multi-Stage Infection Chain

概要

From the beginning of 2015, a malicious spear-phishing campaign dubbed Pony, has been actively luring victims. The spam e-mails are enticing users by impersonating well known companies, using their logos and known subject lines to further sell the deception. These e-mails kick off a multi-stage infection chain. The first stage would be a malicious link within the e-mail or attachment, containing malicious code, in this case Pony. Pony will infect the victim computer and download an additional malware. Pony was originally configured to download different malware families, however, due to criminal strategy changes, it currently only downloads Dyre. Every Pony domain appears to belong to the same group, the infrastructure is mainly in Russia and Ukraine. Most of the IP addresses belong to known bulletproof hosting networks that advertise their services on different forums. The criminals are also relying on a network of hacked servers to perform the multi-stage infection chain.

Created: 2026-02-23

Indicators

類似Pulses

Exposedbotnets: probably Pony domains (score: 0.70)
Microsoft Word Intruder: Operation Pony Express (score: 0.66)
Malicious VBScript file delivers Pony Loader (score: 0.65)
The Postal Group (score: 0.64)
Dyre: Emerging threat on financial fraud landscape (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 54.82

Matched TTPs:

T1033 - System Owner/User Discovery
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1608.005 - Link Target
T1055.014 - VDSO Hijacking
T1562.013 - Disable or Modify Network Device Firewall
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs
T1656 - Impersonation
T1027.018 - Invisible Unicode
T1003.003 - NTDS
T1008 - Fallback Channels
T1053.002 - At

MITREへのリンク →

Sea Turtle

Score: 7.84

Matched TTPs:

T1033 - System Owner/User Discovery
T1098.007 - Additional Local or Domain Groups
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Ember Bear

Score: 21.04

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1136.002 - Domain Account
T1656 - Impersonation
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 8.15

Matched TTPs:

T1033 - System Owner/User Discovery
T1183 - Image File Execution Options Injection
T1546.016 - Installer Packages

MITREへのリンク →

Agrius

Score: 3.03

Matched TTPs:

T1033 - System Owner/User Discovery

MITREへのリンク →

Contagious Interview

Score: 27.55

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1562.010 - Downgrade Attack
T1608.005 - Link Target
T1030 - Data Transfer Size Limits
T1656 - Impersonation
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 38.25

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1484.002 - Trust Modification
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1049 - System Network Connections Discovery
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 18.43

Matched TTPs:

T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1657 - Financial Theft

MITREへのリンク →

APT41

Score: 13.67

Matched TTPs:

T1539 - Steal Web Session Cookie
T1598.003 - Spearphishing Link
T1030 - Data Transfer Size Limits
T1548.006 - TCC Manipulation
T1008 - Fallback Channels

MITREへのリンク →

TA551

Score: 7.75

Matched TTPs:

T1539 - Steal Web Session Cookie
T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code

MITREへのリンク →

Mustard Tempest

Score: 12.60

Matched TTPs:

T1682 - Query Public AI Services
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode
T1053.002 - At

MITREへのリンク →

Leviathan

Score: 27.62

Matched TTPs:

T1484.002 - Trust Modification
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1027.014 - Polymorphic Code
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackTech

Score: 3.68

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

MuddyWater

Score: 8.09

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1608.005 - Link Target
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

LuminousMoth

Score: 9.90

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1105 - Ingress Tool Transfer
T1027.018 - Invisible Unicode

MITREへのリンク →

Confucius

Score: 5.69

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Mofang

Score: 3.68

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Sidewinder

Score: 9.76

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1657 - Financial Theft
T1027.018 - Invisible Unicode

MITREへのリンク →

Elderwood

Score: 3.68

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Machete

Score: 3.68

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN7

Score: 18.79

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1011.001 - Exfiltration Over Bluetooth
T1608.005 - Link Target
T1547.002 - Authentication Package
T1105 - Ingress Tool Transfer
T1027.018 - Invisible Unicode

MITREへのリンク →

Transparent Tribe

Score: 11.15

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1105 - Ingress Tool Transfer
T1027.018 - Invisible Unicode
T1053.002 - At

MITREへのリンク →

Mustang Panda

Score: 25.73

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1608.005 - Link Target
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1548.006 - TCC Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN8

Score: 6.43

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

APT32

Score: 20.90

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1592.004 - Client Configurations
T1608.005 - Link Target
T1027.014 - Polymorphic Code
T1105 - Ingress Tool Transfer
T1027.018 - Invisible Unicode

MITREへのリンク →

APT1

Score: 11.87

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1136.002 - Domain Account
T1053.002 - At

MITREへのリンク →

Lazarus Group

Score: 22.69

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1608.005 - Link Target
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1547.008 - LSASS Driver

MITREへのリンク →

APT33

Score: 7.81

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1567.001 - Exfiltration to Code Repository
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 14.63

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 11.98

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Molerats

Score: 3.68

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 21.95

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1608.005 - Link Target
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver
T1053.002 - At

MITREへのリンク →

OilRig

Score: 18.95

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1098.007 - Additional Local or Domain Groups
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Windshift

Score: 6.20

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Cobalt Group

Score: 9.17

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

APT29

Score: 19.27

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1592.004 - Client Configurations
T1608.005 - Link Target
T1218.009 - Regsvcs/Regasm
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

FIN4

Score: 3.68

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode

MITREへのリンク →

TA2541

Score: 14.39

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1136.002 - Domain Account
T1608.005 - Link Target
T1128 - Netsh Helper DLL
T1027.018 - Invisible Unicode

MITREへのリンク →

Earth Lusca

Score: 17.22

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1136.002 - Domain Account
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

RedCurl

Score: 9.09

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer
T1027.018 - Invisible Unicode

MITREへのリンク →

Storm-1811

Score: 13.06

Matched TTPs:

T1543.003 - Windows Service
T1098.007 - Additional Local or Domain Groups
T1567.003 - Exfiltration to Text Storage Sites
T1030 - Data Transfer Size Limits
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 16.13

Matched TTPs:

T1543.003 - Windows Service
T1136.002 - Domain Account
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Wizard Spider

Score: 16.06

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1083 - File and Directory Discovery
T1567.001 - Exfiltration to Code Repository
T1548.006 - TCC Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

TA577

Score: 5.47

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol
T1027.018 - Invisible Unicode

MITREへのリンク →

Patchwork

Score: 9.42

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1027.018 - Invisible Unicode
T1008 - Fallback Channels

MITREへのリンク →

TA505

Score: 9.63

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1136.002 - Domain Account
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 11.64

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1136.002 - Domain Account
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

APT42

Score: 13.00

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1128 - Netsh Helper DLL
T1030 - Data Transfer Size Limits

MITREへのリンク →

APT39

Score: 6.08

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

Scattered Spider

Score: 33.50

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1144 - Gatekeeper Bypass
T1136.002 - Domain Account
T1083 - File and Directory Discovery
T1552.003 - Shell History
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs
T1090.004 - Domain Fronting
T1557.002 - ARP Cache Poisoning
T1548.006 - TCC Manipulation

MITREへのリンク →

Silent Librarian

Score: 6.26

Matched TTPs:

T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

APT28

Score: 34.94

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1547.002 - Authentication Package
T1197 - BITS Jobs
T1146 - Clear Command History
T1105 - Ingress Tool Transfer
T1548.006 - TCC Manipulation
T1027.018 - Invisible Unicode
T1055.008 - Ptrace System Calls
T1546.007 - Netsh Helper DLL

MITREへのリンク →

Moonstone Sleet

Score: 15.07

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 13.28

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1218.001 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 13.65

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1657 - Financial Theft
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation

MITREへのリンク →

Saint Bear

Score: 9.25

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1030 - Data Transfer Size Limits
T1027.018 - Invisible Unicode

MITREへのリンク →

Tropic Trooper

Score: 6.29

Matched TTPs:

T1598.003 - Spearphishing Link
T1128 - Netsh Helper DLL
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN6

Score: 8.48

Matched TTPs:

T1598.003 - Spearphishing Link
T1128 - Netsh Helper DLL
T1548.006 - TCC Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

BRONZE BUTLER

Score: 8.00

Matched TTPs:

T1598.003 - Spearphishing Link
T1592.004 - Client Configurations
T1008 - Fallback Channels

MITREへのリンク →

WIRTE

Score: 3.62

Matched TTPs:

T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code

MITREへのリンク →

menuPass

Score: 4.73

Matched TTPs:

T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1548.006 - TCC Manipulation

MITREへのリンク →

Threat Group-3390

Score: 4.36

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Gamaredon Group

Score: 21.73

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1562.010 - Downgrade Attack
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode

MITREへのリンク →

BITTER

Score: 4.36

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Inception

Score: 3.62

Matched TTPs:

T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code

MITREへのリンク →

Ajax Security Team

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.008 - LSASS Driver

MITREへのリンク →

RTM

Score: 4.16

Matched TTPs:

T1598.003 - Spearphishing Link
T1008 - Fallback Channels

MITREへのリンク →

Winter Vivern

Score: 7.37

Matched TTPs:

T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1218.001 - Compiled HTML File
T1027.018 - Invisible Unicode

MITREへのリンク →

APT12

Score: 3.27

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.002 - Authentication Package

MITREへのリンク →

APT19

Score: 3.62

Matched TTPs:

T1598.003 - Spearphishing Link
T1027.014 - Polymorphic Code

MITREへのリンク →

Malteiro

Score: 3.40

Matched TTPs:

T1598.003 - Spearphishing Link
T1552.003 - Shell History

MITREへのリンク →

SideCopy

Score: 9.75

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1657 - Financial Theft
T1053.002 - At

MITREへのリンク →

Andariel

Score: 3.33

Matched TTPs:

T1598.003 - Spearphishing Link
T1136.002 - Domain Account

MITREへのリンク →

APT37

Score: 3.27

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.002 - Authentication Package

MITREへのリンク →

IndigoZebra

Score: 7.07

Matched TTPs:

T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

APT38

Score: 8.29

Matched TTPs:

T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.005 - Visual Basic
T1027.018 - Invisible Unicode

MITREへのリンク →

HEXANE

Score: 14.46

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1055.014 - VDSO Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

LAPSUS$

Score: 14.63

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1136.002 - Domain Account
T1030 - Data Transfer Size Limits
T1557.002 - ARP Cache Poisoning
T1548.006 - TCC Manipulation

MITREへのリンク →

TeamTNT

Score: 3.49

Matched TTPs:

T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

BlackByte

Score: 5.82

Matched TTPs:

T1091 - Replication Through Removable Media
T1562.010 - Downgrade Attack

MITREへのリンク →

RedEcho

Score: 4.26

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1128 - Netsh Helper DLL

MITREへのリンク →

Medusa Group

Score: 16.45

Matched TTPs:

T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1608.005 - Link Target
T1128 - Netsh Helper DLL
T1548.006 - TCC Manipulation
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Aquatic Panda

Score: 6.30

Matched TTPs:

T1144 - Gatekeeper Bypass
T1136.002 - Domain Account

MITREへのリンク →

FIN13

Score: 11.37

Matched TTPs:

T1144 - Gatekeeper Bypass
T1552.003 - Shell History
T1105 - Ingress Tool Transfer
T1548.006 - TCC Manipulation

MITREへのリンク →

Volt Typhoon

Score: 12.42

Matched TTPs:

T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation

MITREへのリンク →

INC Ransom

Score: 9.43

Matched TTPs:

T1083 - File and Directory Discovery
T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

HAFNIUM

Score: 14.77

Matched TTPs:

T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1105 - Ingress Tool Transfer
T1548.006 - TCC Manipulation
T1055.008 - Ptrace System Calls

MITREへのリンク →

Axiom

Score: 6.91

Matched TTPs:

T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Storm-0501

Score: 9.40

Matched TTPs:

T1552.003 - Shell History
T1027.014 - Polymorphic Code
T1090.004 - Domain Fronting

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

APT17

Score: 5.45

Matched TTPs:

T1608.005 - Link Target
T1656 - Impersonation

MITREへのリンク →

POLONIUM

Score: 4.41

Matched TTPs:

T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

TA578

Score: 3.37

Matched TTPs:

T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29

Matched TTPs:

T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Fox Kitten

Score: 5.78

Matched TTPs:

T1656 - Impersonation
T1548.006 - TCC Manipulation

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Daggerfly

Score: 4.19

Matched TTPs:

T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Rocke

Score: 5.95

Matched TTPs:

T1105 - Ingress Tool Transfer
T1008 - Fallback Channels

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.79

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1003.003 - NTDS
T1562.013 - Disable or Modify Network Device Firewall
T1053.002 - At
T1656 - Impersonation
T1608.005 - Link Target
T1598.003 - Spearphishing Link
T1033 - System Owner/User Discovery
T1552.003 - Shell History
T1183 - Image File Execution Options Injection
T1055.014 - VDSO Hijacking
T1027.014 - Polymorphic Code
T1008 - Fallback Channels
T1027.018 - Invisible Unicode
T1030 - Data Transfer Size Limits
T1091 - Replication Through Removable Media
T1197 - BITS Jobs
T1547.002 - Authentication Package
T1098.007 - Additional Local or Domain Groups
T1024 - Custom Cryptographic Protocol

MITREへのリンク →

Sandworm Team

Score: 0.61

Matched TTPs:

T1005 - Data from Local System
T1091 - Replication Through Removable Media
T1049 - System Network Connections Discovery
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1546.016 - Installer Packages
T1548.006 - TCC Manipulation
T1598.003 - Spearphishing Link
T1484.002 - Trust Modification
T1564.008 - Email Hiding Rules
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode
T1098.007 - Additional Local or Domain Groups
T1033 - System Owner/User Discovery

MITREへのリンク →

APT28

Score: 0.56

Matched TTPs:

T1197 - BITS Jobs
T1055.008 - Ptrace System Calls
T1566.002 - Spearphishing Link
T1105 - Ingress Tool Transfer
T1608.005 - Link Target
T1598.003 - Spearphishing Link
T1546.007 - Netsh Helper DLL
T1146 - Clear Command History
T1547.002 - Authentication Package
T1027.018 - Invisible Unicode
T1098.007 - Additional Local or Domain Groups
T1024 - Custom Cryptographic Protocol
T1548.006 - TCC Manipulation

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Tracing Pony’s Threat Cycle and Multi-Stage Infection Chain

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ