Trusted Design

ArcSight ESM and ESM Express, Remote Arbitrary File Download

Summary

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with ArcSight ESM and ESM Express. The vulnerabilities could be exploited remotely to trick an unsuspecting user into downloading arbitrary files, or running arbitrary commands on the local system.

References: CVE-2016-1990, CVE-2016-1991, PSRT102039

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • HP ArcSight ESM Express all versions
  • HP ArcSight ESM 5.x versions prior to 5.6, 6.0, 6.5.x prior to 6.5C SP1 Patch 2, 6.8c

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 16.99
Matched TTPs:
  • T1021.005 - VNC
  • T1087.002 - Domain Account
  • T1562.010 - Downgrade Attack
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

FIN7

Score: 16.31
Matched TTPs:
  • T1021.005 - VNC
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery

GCMAN

Score: 3.62
Matched TTPs:
  • T1021.005 - VNC

Fox Kitten

Score: 9.28
Matched TTPs:
  • T1021.005 - VNC
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Cobalt Group

Score: 13.00
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

MuddyWater

Score: 14.68
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Sidewinder

Score: 6.99
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

APT28

Score: 19.32
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service

APT37

Score: 10.61
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Gallmaker

Score: 3.53
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account

Leviathan

Score: 14.67
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules

BITTER

Score: 6.99
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

TA505

Score: 5.50
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 12.88
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure

Kimsuky

Score: 18.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery

Elderwood

Score: 3.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Dragonfly

Score: 8.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Contagious Interview

Score: 7.56
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.010 - Downgrade Attack
  • T1565.002 - Transmitted Data Manipulation

RTM

Score: 3.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1565.002 - Transmitted Data Manipulation

Tropic Trooper

Score: 11.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery

RedCurl

Score: 3.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

PLATINUM

Score: 6.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

menuPass

Score: 9.04
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

HEXANE

Score: 3.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

FIN8

Score: 4.40
Matched TTPs:
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 10.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

PROMETHIUM

Score: 3.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1490 - Inhibit System Recovery

APT39

Score: 7.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Higaisa

Score: 9.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
  • T1546.017 - Udev Rules

Wizard Spider

Score: 4.40
Matched TTPs:
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

OilRig

Score: 10.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Sandworm Team

Score: 12.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 7.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Storm-1811

Score: 4.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries

Inception

Score: 3.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Lazarus Group

Score: 16.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1216 - System Script Proxy Execution

FIN6

Score: 6.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1209 - Time Providers
  • T1622 - Debugger Evasion

TA2541

Score: 4.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Mofang

Score: 3.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules

Tonto Team

Score: 3.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 3.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

BRONZE BUTLER

Score: 4.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

APT38

Score: 6.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Mustang Panda

Score: 13.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.001 - Local Account
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 4.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Darkhotel

Score: 3.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT32

Score: 11.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

APT33

Score: 4.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Silence

Score: 3.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Indrik Spider

Score: 3.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

APT29

Score: 7.19
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Confucius

Score: 7.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

BlackTech

Score: 5.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1209 - Time Providers

Volt Typhoon

Score: 12.34
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure

Storm-0501

Score: 8.24
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565.002 - Transmitted Data Manipulation

Rocke

Score: 8.82
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Ember Bear

Score: 11.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1003.003 - NTDS

BackdoorDiplomacy

Score: 4.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts

FIN13

Score: 11.39
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.006 - Systemd Timers
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Medusa Group

Score: 17.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 10.44
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
  • T1490 - Inhibit System Recovery

BlackByte

Score: 15.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1550 - Use Alternate Authentication Material
  • T1562.010 - Downgrade Attack
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Ke3chang

Score: 6.03
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Agrius

Score: 4.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1622 - Debugger Evasion

ToddyCat

Score: 4.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1665 - Hide Infrastructure

Blue Mockingbird

Score: 3.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

Winter Vivern

Score: 3.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 8.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Axiom

Score: 11.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

APT41

Score: 8.34
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Play

Score: 4.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

HAFNIUM

Score: 10.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery

APT5

Score: 3.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

TeamTNT

Score: 9.16
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

DarkVishnya

Score: 4.36
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1209 - Time Providers

Akira

Score: 4.24
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1622 - Debugger Evasion

LuminousMoth

Score: 4.56
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

APT3

Score: 3.92
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Evilnum

Score: 3.71
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 5.35
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Chimera

Score: 8.21
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure

Turla

Score: 4.63
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

FIN10

Score: 4.31
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery

Velvet Ant

Score: 6.80
Matched TTPs:
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.78
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1206 - Sudo Caching
  • T1218.010 - Regsvr32

Medusa Group

Score: 0.71
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1209 - Time Providers
  • T1586.002 - Email Accounts
  • T1556.005 - Reversible Encryption
  • T1094 - Custom Command and Control Protocol
  • T1216 - System Script Proxy Execution
  • T1622 - Debugger Evasion
  • T1140 - Deobfuscate/Decode Files or Information

Gamaredon Group

Score: 0.69
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1556.005 - Reversible Encryption
  • T1059.013 - Container CLI/API
  • T1021.005 - VNC
  • T1562.010 - Downgrade Attack
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules

Kimsuky

Score: 0.69
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
  • T1556.005 - Reversible Encryption
  • T1003.003 - NTDS
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.002 - Domain Account
  • T1565.002 - Transmitted Data Manipulation

FIN7

Score: 0.68
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1586.002 - Email Accounts
  • T1490 - Inhibit System Recovery
  • T1021.005 - VNC
  • T1622 - Debugger Evasion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.002 - Domain Account
  • T1206 - Sudo Caching

Lazarus Group

Score: 0.67
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1209 - Time Providers
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1218.010 - Regsvr32

BlackByte

Score: 0.63
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1209 - Time Providers
  • T1586.002 - Email Accounts
  • T1556.005 - Reversible Encryption
  • T1562.010 - Downgrade Attack
  • T1622 - Debugger Evasion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550 - Use Alternate Authentication Material

MuddyWater

Score: 0.58
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1586.002 - Email Accounts
  • T1556.005 - Reversible Encryption
  • T1059.013 - Container CLI/API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.002 - Domain Account
  • T1206 - Sudo Caching
  • T1218.010 - Regsvr32

Leviathan

Score: 0.58
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.002 - Domain Account
  • T1550 - Use Alternate Authentication Material
  • T1546.017 - Udev Rules
  • T1206 - Sudo Caching
  • T1218.010 - Regsvr32

Related CVEs
