Trusted Design

NetTraveler APT Targets Russian, European Interests

概要

Throughout 2016, Proofpoint researchers tracked a cyber-espionage campaign targeting victims in Russia and neighboring countries. The actor utilizes spear phishing campaigns to deliver NetTraveler, also known as TravNet. First observed as early as 2004, NetTraveler is a Trojan used widely in targeted attacks. We believe that this attacker operates out of China. In addition to Russia, targeted regions include neighboring countries such as Mongolia, Belarus, and other European countries. The spear-phishing campaigns we detected use links to RAR-compressed executables and Microsoft Word attachments that exploit the CVE-2012-0158 vulnerability. This particular APT is targeting organizations that include weapons manufacturers, human rights activists, and pro-democracy groups, among others.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 75.82
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1546.008 - Accessibility Features
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
MITREへのリンク →

Sea Turtle

Score: 14.40
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
MITREへのリンク →

Ember Bear

Score: 23.16
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 8.97
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
MITREへのリンク →

Agrius

Score: 4.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Contagious Interview

Score: 37.53
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Sandworm Team

Score: 71.56
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 17.61
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
MITREへのリンク →

Volt Typhoon

Score: 53.79
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1686.003 - Windows Host Firewall
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1212 - Exploitation for Credential Access
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1537 - Transfer Data to Cloud Account
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1578.001 - Create Snapshot
MITREへのリンク →

LAPSUS$

Score: 29.47
Matched TTPs:
  • T1216.001 - PubPrn
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Andariel

Score: 12.52
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
MITREへのリンク →

Magic Hound

Score: 34.29
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

HAFNIUM

Score: 29.77
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1122 - Component Object Model Hijacking
MITREへのリンク →

APT28

Score: 49.80
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1139 - Bash History
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
MITREへのリンク →

ZIRCONIUM

Score: 27.03
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Leviathan

Score: 32.45
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 13.86
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 11.96
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1546.008 - Accessibility Features
  • T1199 - Trusted Relationship
MITREへのリンク →

EXOTIC LILY

Score: 25.38
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN13

Score: 10.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

Moonstone Sleet

Score: 18.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

Lazarus Group

Score: 25.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
MITREへのリンク →

OilRig

Score: 27.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

UNC3886

Score: 20.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

LuminousMoth

Score: 10.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

APT29

Score: 25.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Play

Score: 6.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

Aoqin Dragon

Score: 6.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

RedCurl

Score: 13.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1122 - Component Object Model Hijacking
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

Turla

Score: 27.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Ke3chang

Score: 8.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

Mustang Panda

Score: 33.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 12.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1612 - Build Image on Host
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

FIN7

Score: 25.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Storm-0501

Score: 12.64
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

BlackTech

Score: 7.49
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 14.65
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 7.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mofang

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 16.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Elderwood

Score: 7.23
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 6.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 9.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 19.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT3

Score: 9.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 7.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

APT33

Score: 13.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Molerats

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Windshift

Score: 8.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 11.52
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN4

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 17.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 19.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 10.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1547.008 - LSASS Driver
MITREへのリンク →

Wizard Spider

Score: 8.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Patchwork

Score: 16.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
MITREへのリンク →

TA505

Score: 12.53
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 14.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 11.06
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
MITREへのリンク →

APT39

Score: 10.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Scattered Spider

Score: 17.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
MITREへのリンク →

CURIUM

Score: 13.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.001 - Compiled HTML File
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 18.72
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Saint Bear

Score: 9.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Tropic Trooper

Score: 7.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1159 - Launch Agent
MITREへのリンク →

FIN6

Score: 9.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
MITREへのリンク →

admin@338

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32
MITREへのリンク →

BRONZE BUTLER

Score: 11.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels
MITREへのリンク →

WIRTE

Score: 4.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
MITREへのリンク →

menuPass

Score: 7.46
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
MITREへのリンク →

Threat Group-3390

Score: 17.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Gamaredon Group

Score: 21.26
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 4.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

BITTER

Score: 6.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 11.23
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA551

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
MITREへのリンク →

RTM

Score: 4.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1008 - Fallback Channels
MITREへのリンク →

APT41

Score: 20.88
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1537 - Transfer Data to Cloud Account
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels
MITREへのリンク →

Winter Vivern

Score: 15.97
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 4.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

APT19

Score: 4.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
MITREへのリンク →

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
MITREへのリンク →

SideCopy

Score: 9.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1159 - Launch Agent
MITREへのリンク →

Tonto Team

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

IndigoZebra

Score: 5.25
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

APT38

Score: 6.65
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

The White Company

Score: 7.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot
MITREへのリンク →

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Velvet Ant

Score: 5.78
Matched TTPs:
  • T1583.005 - Botnet
  • T1128 - Netsh Helper DLL
MITREへのリンク →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
MITREへのリンク →

BlackByte

Score: 3.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

HEXANE

Score: 19.88
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1055.014 - VDSO Hijacking
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
MITREへのリンク →

Rocke

Score: 9.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
MITREへのリンク →

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Medusa Group

Score: 20.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1598 - Phishing for Information
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Fox Kitten

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
MITREへのリンク →

Cinnamon Tempest

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 5.07
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
MITREへのリンク →

GALLIUM

Score: 7.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
MITREへのリンク →

INC Ransom

Score: 8.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Axiom

Score: 14.41
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
MITREへのリンク →

RedEcho

Score: 4.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL
MITREへのリンク →

MoustachedBouncer

Score: 6.59
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Aquatic Panda

Score: 5.90
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

POLONIUM

Score: 8.01
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Chimera

Score: 10.03
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1578.001 - Create Snapshot
MITREへのリンク →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Deep Panda

Score: 5.90
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Dark Caracal

Score: 4.58
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.83
Matched TTPs:
  • T1583.005 - Botnet
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1683.001 - Written Content
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1003.003 - NTDS
  • T1598.003 - Spearphishing Link
  • T1114 - Email Collection
  • T1055.014 - VDSO Hijacking
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1152 - Launchctl
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.003 - One-Way Communication
  • T1552.003 - Shell History
  • T1546.008 - Accessibility Features
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
  • T1091 - Replication Through Removable Media
  • T1033 - System Owner/User Discovery
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
MITREへのリンク →

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1583.005 - Botnet
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1606.002 - SAML Tokens
  • T1049 - System Network Connections Discovery
  • T1187 - Forced Authentication
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1027.018 - Invisible Unicode
  • T1005 - Data from Local System
  • T1598.003 - Spearphishing Link
  • T1114 - Email Collection
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.003 - One-Way Communication
  • T1686.003 - Windows Host Firewall
  • T1546.008 - Accessibility Features
  • T1193 - Spearphishing Attachment
  • T1564.008 - Email Hiding Rules
  • T1111 - Multi-Factor Authentication Interception
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
  • T1033 - System Owner/User Discovery
MITREへのリンク →

Volt Typhoon

Score: 0.63
Matched TTPs:
  • T1057 - Process Discovery
  • T1148 - HISTCONTROL
  • T1199 - Trusted Relationship
  • T1574.002 - DLL Side-Loading
  • T1537 - Transfer Data to Cloud Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.001 - Disable or Modify Windows Event Log
  • T1049 - System Network Connections Discovery
  • T1212 - Exploitation for Credential Access
  • T1102.003 - One-Way Communication
  • T1159 - Launch Agent
  • T1552.008 - Chat Messages
  • T1065 - Uncommonly Used Port
  • T1686.003 - Windows Host Firewall
  • T1553.002 - Code Signing
  • T1578.001 - Create Snapshot
  • T1114 - Email Collection
MITREへのリンク →

APT28

Score: 0.63
Matched TTPs:
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1027.018 - Invisible Unicode
  • T1146 - Clear Command History
  • T1592.003 - Firmware
  • T1598.003 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1152 - Launchctl
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1685.001 - Disable or Modify Windows Event Log
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
MITREへのリンク →

Related CVEs

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る