Trusted Design

Targets Middle Eastern Telecommunications Companies

Summary

Researchers observed additional activity associated with suspected Iran-based Threat Group-2889[1] (TG-2889) that confirms prior analysis of the group's use of LinkedIn to target victims and its interest in Middle Eastern telecommunications companies. CTU(TM) researchers also uncovered the use of a remote access trojan (RAT) called Helminth that has similarities to other tools used by TG-2889. CTU researchers assess with high confidence that TG-2889 is associated with Iranian government-directed cyber operations. Although the observed activity does not appear to target Western organizations, SecureWorks clients should review the group's tactics, techniques, and procedures (TTPs) and implement defenses against these types of attacks.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 40.99
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1053.007 - Container Orchestration Job
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Sea Turtle

Score: 9.07
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

Ember Bear

Score: 9.76
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1550 - Use Alternate Authentication Material

Indrik Spider

Score: 9.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1552.008 - Chat Messages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Agrius

Score: 4.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1622 - Debugger Evasion

Contagious Interview

Score: 24.73
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Sandworm Team

Score: 31.17
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 12.40
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication

Volt Typhoon

Score: 40.42
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1164 - Re-opened Applications
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading

LAPSUS$

Score: 18.88
Matched TTPs:
  • T1216.001 - PubPrn
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1065 - Uncommonly Used Port

Andariel

Score: 8.47
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 25.40
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

HAFNIUM

Score: 17.76
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1059 - Command and Scripting Interpreter
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries

Mustang Panda

Score: 22.70
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode

APT28

Score: 38.30
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1139 - Bash History
  • T1550 - Use Alternate Authentication Material
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL

ZIRCONIUM

Score: 16.07
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Leviathan

Score: 12.74
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1550 - Use Alternate Authentication Material
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 11.21
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Silent Librarian

Score: 5.74
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link

EXOTIC LILY

Score: 15.55
Matched TTPs:
  • T1114 - Email Collection
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 8.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Scattered Spider

Score: 21.13
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

APT32

Score: 11.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1550 - Use Alternate Authentication Material
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 12.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

CURIUM

Score: 8.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Dragonfly

Score: 14.94
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1550 - Use Alternate Authentication Material
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Patchwork

Score: 8.83
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1550 - Use Alternate Authentication Material
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 3.84
Matched TTPs:
  • T1553.002 - Code Signing

FIN13

Score: 6.27
Matched TTPs:
  • T1553.002 - Code Signing
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Medusa Group

Score: 8.57
Matched TTPs:
  • T1218.003 - CMSTP
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 7.66
Matched TTPs:
  • T1218.003 - CMSTP
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries

Axiom

Score: 12.06
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

BlackByte

Score: 5.02
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Lazarus Group

Score: 22.81
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver

FIN6

Score: 6.76
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

LuminousMoth

Score: 4.73
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Ke3chang

Score: 3.37
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1547.013 - XDG Autostart Entries

menuPass

Score: 7.76
Matched TTPs:
  • T1550 - Use Alternate Authentication Material
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

UNC3886

Score: 7.57
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1055.015 - ListPlanting

Earth Lusca

Score: 6.99
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode

Turla

Score: 10.17
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

MuddyWater

Score: 6.55
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

APT29

Score: 9.42
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN7

Score: 18.54
Matched TTPs:
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1055.015 - ListPlanting

Confucius

Score: 4.15
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 6.55
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Saint Bear

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

POLONIUM

Score: 7.16
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package

TA2541

Score: 4.15
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 4.15
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

SideCopy

Score: 4.40
Matched TTPs:
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries

APT33

Score: 6.27
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Wizard Spider

Score: 7.92
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

GOLD SOUTHFIELD

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

RedCurl

Score: 4.11
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1027.018 - Invisible Unicode

INC Ransom

Score: 5.71
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

Winter Vivern

Score: 5.76
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

TA551

Score: 3.52
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 6.53
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Storm-0501

Score: 6.88
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1090.004 - Domain Fronting

Blue Mockingbird

Score: 4.39
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1622 - Debugger Evasion

WIRTE

Score: 3.52
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

Storm-1811

Score: 7.84
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

APT37

Score: 3.17
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries

APT39

Score: 6.18
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

HEXANE

Score: 8.44
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

OilRig

Score: 9.75
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver

APT41

Score: 10.00
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1055.015 - ListPlanting

FIN8

Score: 3.78
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Windshift

Score: 4.66
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

APT3

Score: 3.78
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.84
Matched TTPs:
  • T1690 - Prevent Command History Logging
  • T1622 - Debugger Evasion
  • T1566.002 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1197 - BITS Jobs
  • T1547.002 - Authentication Package
  • T1114 - Email Collection
  • T1057 - Process Discovery
  • T1053.007 - Container Orchestration Job
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1033 - System Owner/User Discovery
  • T1027.018 - Invisible Unicode
  • T1102.003 - One-Way Communication
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries

Volt Typhoon

Score: 0.83
Matched TTPs:
  • T1065 - Uncommonly Used Port
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1164 - Re-opened Applications
  • T1552.008 - Chat Messages
  • T1114 - Email Collection
  • T1057 - Process Discovery
  • T1547.013 - XDG Autostart Entries
  • T1553.002 - Code Signing
  • T1102.003 - One-Way Communication
  • T1685.001 - Disable or Modify Windows Event Log
  • T1148 - HISTCONTROL

APT28

Score: 0.80
Matched TTPs:
  • T1139 - Bash History
  • T1122 - Component Object Model Hijacking
  • T1546.007 - Netsh Helper DLL
  • T1566.002 - Spearphishing Link
  • T1550 - Use Alternate Authentication Material
  • T1197 - BITS Jobs
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1027.018 - Invisible Unicode
  • T1608.005 - Link Target
  • T1146 - Clear Command History
  • T1685.001 - Disable or Modify Windows Event Log
  • T1547.013 - XDG Autostart Entries

Sandworm Team

Score: 0.69
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1547.002 - Authentication Package
  • T1114 - Email Collection
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1033 - System Owner/User Discovery
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1564.008 - Email Hiding Rules

Magic Hound

Score: 0.60
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
  • T1566.002 - Spearphishing Link
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1608.005 - Link Target
  • T1187 - Forced Authentication

Contagious Interview

Score: 0.55
Matched TTPs:
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
  • T1044 - File System Permissions Weakness
  • T1027.018 - Invisible Unicode
  • T1021.006 - Windows Remote Management
  • T1033 - System Owner/User Discovery
  • T1102.003 - One-Way Communication
  • T1608.005 - Link Target

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

