Trusted Design

IRS Refund-themed Spam Campaign Delivers Kovter and CoreBOT

Overview

IOCs derived from the post at https://heimdalsecurity.com/blog/security-alert-fileless-kovter-teams-modular-corebot-malware-irs-spam-campaign/. An IRS-refund-themed spam campaign claims to be a refund notification from the IRS. The spam email includes a .zip attachment containing a .js file; as soon as the .zip file is opened, the .js file launches Windows PowerShell to download the primary payload. The primary payload appears to be Kovter, and the secondary one CoreBOT. Kovter is a Trojan whose primary use was performing click-fraud operations on the PCs it infected, but earlier this year Kovter was seen incorporating new cloaking tricks in order to evade detection. Its core assets are the ability to remain hidden and to persist for a longer period in the memory of compromised machines. CoreBOT is modular malware, which allows cyber criminals to build upon it; it evolved from data-stealing malware to financial malware almost overnight earlier this year.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT32

Score: 23.81
Matched TTPs:
  • T1027.011 - Fileless Storage
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Turla

Score: 25.16
Matched TTPs:
  • T1027.011 - Fileless Storage
  • T1564.012 - File/Path Exclusions
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Kimsuky

Score: 35.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates

Sea Turtle

Score: 9.00
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Ember Bear

Score: 13.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution

Indrik Spider

Score: 11.27
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1584.004 - Server

Agrius

Score: 8.72
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

Contagious Interview

Score: 29.40
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1543.001 - Launch Agent
  • T1204.004 - Malicious Copy and Paste
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Sandworm Team

Score: 29.85
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server

Star Blizzard

Score: 7.52
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool

Lazarus Group

Score: 33.61
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads

Moonstone Sleet

Score: 15.83
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1569.002 - Service Execution

Scattered Spider

Score: 9.96
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1588.002 - Tool

FIN4

Score: 9.93
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit

APT41

Score: 15.18
Matched TTPs:
  • T1014 - Rootkit
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Rocke

Score: 19.61
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1027.002 - Software Packing
  • T1564.001 - Hidden Files and Directories

TeamTNT

Score: 17.62
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1027.002 - Software Packing

APT28

Score: 22.01
Matched TTPs:
  • T1014 - Rootkit
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
  • T1211 - Exploitation for Defense Evasion

UNC3886

Score: 17.60
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1205.001 - Port Knocking
  • T1203 - Exploitation for Client Execution

Mustang Panda

Score: 33.30
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

FIN13

Score: 11.89
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories

OilRig

Score: 26.03
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

LuminousMoth

Score: 10.04
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories

Salt Typhoon

Score: 5.69
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT29

Score: 17.23
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing

Play

Score: 5.47
Matched TTPs:
  • T1587.001 - Malware
  • T1657 - Financial Theft
  • T1588.002 - Tool

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

RedCurl

Score: 16.28
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information
  • T1564.001 - Hidden Files and Directories

Ke3chang

Score: 17.50
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1569.002 - Service Execution

FIN7

Score: 29.84
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution

Malteiro

Score: 5.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Machete

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

Elderwood

Score: 6.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

Transparent Tribe

Score: 7.59
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories

Dragonfly

Score: 8.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

WIRTE

Score: 4.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool

RTM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

APT-C-36

Score: 4.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

CURIUM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

Gallmaker

Score: 3.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information

Tropic Trooper

Score: 12.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1564.001 - Hidden Files and Directories

Dark Caracal

Score: 4.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

PLATINUM

Score: 5.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise

menuPass

Score: 6.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool

TA551

Score: 6.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027.003 - Steganography

HEXANE

Score: 6.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

FIN8

Score: 8.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Threat Group-3390

Score: 23.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

BITTER

Score: 5.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

APT37

Score: 12.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

LazyScripter

Score: 8.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware

PROMETHIUM

Score: 8.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise

TA505

Score: 10.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027.002 - Software Packing

APT39

Score: 15.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Higaisa

Score: 7.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

Wizard Spider

Score: 12.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Magic Hound

Score: 5.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise

Cobalt Group

Score: 5.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Storm-1811

Score: 9.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1667 - Email Bombing

Inception

Score: 4.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 7.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

FIN6

Score: 7.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 7.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading

Gorgon Group

Score: 8.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool

APT19

Score: 7.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise

TA2541

Score: 12.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1027.015 - Compression

Earth Lusca

Score: 22.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

SideCopy

Score: 3.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware

Mofang

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression

Leviathan

Score: 15.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.015 - Compression

Tonto Team

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Andariel

Score: 10.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

BRONZE BUTLER

Score: 18.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

APT38

Score: 16.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1036.006 - Space after Filename
  • T1569.002 - Service Execution

MuddyWater

Score: 14.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery

Molerats

Score: 6.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression

admin@338

Score: 5.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution

Gamaredon Group

Score: 24.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1027.015 - Compression

Darkhotel

Score: 14.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

The White Company

Score: 5.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

APT33

Score: 6.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Silence

Score: 4.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Sidewinder

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Confucius

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

BlackTech

Score: 7.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates

Windshift

Score: 7.90
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise

Cinnamon Tempest

Score: 10.31
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1588.002 - Tool

Medusa Group

Score: 13.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Aquatic Panda

Score: 7.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

Blue Mockingbird

Score: 5.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1569.002 - Service Execution

BlackByte

Score: 7.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1569.002 - Service Execution

Carbanak

Score: 5.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

APT3

Score: 7.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Winter Vivern

Score: 6.39
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise

APT1

Score: 6.71
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

HAFNIUM

Score: 10.13
Matched TTPs:
  • T1583.005 - Botnet
  • T1584.005 - Botnet
  • T1564.001 - Hidden Files and Directories

APT5

Score: 3.84
Matched TTPs:
  • T1583.005 - Botnet

Chimera

Score: 5.77
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Volt Typhoon

Score: 13.45
Matched TTPs:
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1584.004 - Server

ZIRCONIUM

Score: 8.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise

LAPSUS$

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

BackdoorDiplomacy

Score: 5.59
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

Axiom

Score: 6.88
Matched TTPs:
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

INC Ransom

Score: 5.77
Matched TTPs:
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Storm-0501

Score: 4.58
Matched TTPs:
  • T1657 - Financial Theft
  • T1027.002 - Software Packing

GALLIUM

Score: 5.19
Matched TTPs:
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.002 - Software Packing

Thrip

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

POLONIUM

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Daggerfly

Score: 4.60
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Velvet Ant

Score: 6.53
Matched TTPs:
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1588.003 - Code Signing Certificates
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1036.007 - Double File Extension
  • T1657 - Financial Theft
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1583 - Acquire Infrastructure
  • T1620 - Reflective Code Loading
  • T1027.002 - Software Packing
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.009 - Embedded Payloads
  • T1027.007 - Dynamic API Resolution
  • T1620 - Reflective Code Loading
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1543.003 - Windows Service

Mustang Panda

Score: 0.75
Matched TTPs:
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1588.003 - Code Signing Certificates
  • T1678 - Delay Execution
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1036.007 - Double File Extension
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1027.007 - Dynamic API Resolution
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1027 - Obfuscated Files or Information

FIN7

Score: 0.72
Matched TTPs:
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1608.001 - Upload Malware
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1497.002 - User Activity Based Checks
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1564.001 - Hidden Files and Directories
  • T1543.003 - Windows Service

Sandworm Team

Score: 0.71
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1584.005 - Botnet
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583 - Acquire Infrastructure
  • T1203 - Exploitation for Client Execution
  • T1027 - Obfuscated Files or Information

Contagious Interview

Score: 0.66
Matched TTPs:
  • T1588.002 - Tool
  • T1036 - Masquerading
  • T1608.001 - Upload Malware
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.001 - Launch Agent
  • T1657 - Financial Theft
  • T1583 - Acquire Infrastructure
  • T1204.004 - Malicious Copy and Paste
  • T1681 - Search Threat Vendor Data
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Turla

Score: 0.64
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1588.001 - Malware
  • T1587.001 - Malware
  • T1189 - Drive-by Compromise
  • T1564.012 - File/Path Exclusions
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.011 - Fileless Storage

OilRig

Score: 0.59
Matched TTPs:
  • T1007 - System Service Discovery
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.003 - Code Signing Certificates
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1203 - Exploitation for Client Execution
  • T1543.003 - Windows Service

Gamaredon Group

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1027.015 - Compression
  • T1080 - Taint Shared Content
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1027.004 - Compile After Delivery
  • T1027 - Obfuscated Files or Information

Threat Group-3390

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1588.003 - Code Signing Certificates
  • T1189 - Drive-by Compromise
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1027.015 - Compression
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1027.002 - Software Packing
  • T1203 - Exploitation for Client Execution
  • T1543.003 - Windows Service

APT32

Score: 0.56
Matched TTPs:
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1027.011 - Fileless Storage
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1543.003 - Windows Service

APT28

Score: 0.56
Matched TTPs:
  • T1014 - Rootkit
  • T1588.002 - Tool
  • T1036 - Masquerading
  • T1211 - Exploitation for Defense Evasion
  • T1189 - Drive-by Compromise
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

