Trusted Design

EPS Processing Zero-Days Exploited by Multiple Threat Actors

Overview

Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild. At the end of March 2017, we detected another malicious document leveraging an unknown vulnerability in EPS and a recently patched vulnerability in Windows Graphics Device Interface (GDI) to drop malware. Following the April 2017 Patch Tuesday, in which Microsoft disabled EPS, FireEye detected a second unknown vulnerability in EPS. FireEye believes that two actors – Turla and an unknown financially motivated actor – were using the first EPS zero-day (CVE-2017-0261), and APT28 was using the second EPS zero-day (CVE-2017-0262) along with a new Escalation of Privilege (EOP) zero-day (CVE-2017-0263). Turla and APT28 are Russian cyber espionage groups that have used these zero-days against European diplomatic and military entities. The unidentified financial group targeted regional and global banks with offices in the Middle East.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Turla

Score: 22.54
Matched TTPs:
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1490 - Inhibit System Recovery
Link to MITRE →

Ember Bear

Score: 19.67
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1003.003 - NTDS
Link to MITRE →

Sandworm Team

Score: 19.52
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1686.003 - Windows Host Firewall
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1204.001 - Malicious Link
Link to MITRE →

Kimsuky

Score: 20.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN13

Score: 6.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

Moonstone Sleet

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver
Link to MITRE →

Indrik Spider

Score: 5.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
Link to MITRE →

Lazarus Group

Score: 14.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
Link to MITRE →

Contagious Interview

Score: 13.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.008 - LSASS Driver
Link to MITRE →

OilRig

Score: 23.63
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
Link to MITRE →

UNC3886

Score: 15.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
Link to MITRE →

LuminousMoth

Score: 7.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

APT29

Score: 21.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1546.018 - Python Startup Hooks
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

Play

Score: 11.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1490 - Inhibit System Recovery
Link to MITRE →

RedCurl

Score: 4.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1128 - Netsh Helper DLL
Link to MITRE →

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

Ke3chang

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

Mustang Panda

Score: 17.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
Link to MITRE →

TeamTNT

Score: 3.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
Link to MITRE →

FIN7

Score: 15.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery
Link to MITRE →

Evilnum

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot
Link to MITRE →

Volt Typhoon

Score: 21.46
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
Link to MITRE →

Darkhotel

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot
Link to MITRE →

Gamaredon Group

Score: 14.51
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1200 - Hardware Additions
Link to MITRE →

Storm-0501

Score: 11.12
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1204.001 - Malicious Link
Link to MITRE →

APT38

Score: 16.14
Matched TTPs:
  • T1675 - ESXi Administration Command
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
Link to MITRE →

BlackByte

Score: 12.51
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link
Link to MITRE →

Magic Hound

Score: 12.60
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.008 - LSASS Driver
Link to MITRE →

Rocke

Score: 3.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

Threat Group-3390

Score: 8.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
Link to MITRE →

APT28

Score: 14.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service
Link to MITRE →

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Medusa Group

Score: 23.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1204.001 - Malicious Link
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

Sea Turtle

Score: 4.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery
Link to MITRE →

Cinnamon Tempest

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

Agrius

Score: 3.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

menuPass

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
Link to MITRE →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 8.69
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1001.001 - Junk Data
Link to MITRE →

GALLIUM

Score: 8.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1174 - Password Filter DLL
Link to MITRE →

Earth Lusca

Score: 9.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

Leviathan

Score: 4.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

INC Ransom

Score: 6.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
Link to MITRE →

Dragonfly

Score: 7.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
Link to MITRE →

Axiom

Score: 6.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1160 - Launch Daemon
Link to MITRE →

APT41

Score: 4.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
Link to MITRE →

HAFNIUM

Score: 4.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1490 - Inhibit System Recovery
Link to MITRE →

MuddyWater

Score: 9.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1159 - Launch Agent
Link to MITRE →

Patchwork

Score: 5.83
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
Link to MITRE →

TA505

Score: 10.78
Matched TTPs:
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
Link to MITRE →

Wizard Spider

Score: 11.89
Matched TTPs:
  • T1059.009 - Cloud API
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1204.001 - Malicious Link
Link to MITRE →

APT32

Score: 15.91
Matched TTPs:
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aquatic Panda

Score: 6.93
Matched TTPs:
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
Link to MITRE →

Gorgon Group

Score: 4.48
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
Link to MITRE →

APT42

Score: 5.43
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
Link to MITRE →

Saint Bear

Score: 3.63
Matched TTPs:
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
Link to MITRE →

FIN8

Score: 5.43
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
Link to MITRE →

TA2541

Score: 7.85
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
Link to MITRE →

LAPSUS$

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

APT1

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Andariel

Score: 5.49
Matched TTPs:
  • T1136.002 - Domain Account
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

Scattered Spider

Score: 15.45
Matched TTPs:
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link
Link to MITRE →

BRONZE BUTLER

Score: 12.27
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1562.011 - Spoof Security Alerting
  • T1159 - Launch Agent
Link to MITRE →

Akira

Score: 4.32
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
Link to MITRE →

APT33

Score: 4.98
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
Link to MITRE →

Tonto Team

Score: 3.15
Matched TTPs:
  • T1212 - Exploitation for Credential Access
Link to MITRE →

HEXANE

Score: 6.75
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
Link to MITRE →

admin@338

Score: 3.15
Matched TTPs:
  • T1212 - Exploitation for Credential Access
Link to MITRE →

Chimera

Score: 4.00
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
Link to MITRE →

Inception

Score: 6.75
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
Link to MITRE →

Storm-1811

Score: 3.37
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN6

Score: 7.92
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
Link to MITRE →

Cobalt Group

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
Link to MITRE →

FIN10

Score: 3.52
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery
Link to MITRE →

DarkHydrus

Score: 4.00
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
Link to MITRE →

Velvet Ant

Score: 11.34
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Deep Panda

Score: 3.15
Matched TTPs:
  • T1059.004 - Unix Shell
Link to MITRE →

APT3

Score: 3.15
Matched TTPs:
  • T1059.004 - Unix Shell
Link to MITRE →

Daggerfly

Score: 3.29
Matched TTPs:
  • T1174 - Password Filter DLL
Link to MITRE →

Tropic Trooper

Score: 14.34
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1562.011 - Spoof Security Alerting
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT37

Score: 3.03
Matched TTPs:
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

TA551

Score: 3.03
Matched TTPs:
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

SideCopy

Score: 6.88
Matched TTPs:
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
Link to MITRE →

Confucius

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions
Link to MITRE →

Windshift

Score: 5.27
Matched TTPs:
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.83
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1547.008 - LSASS Driver
  • T1005 - Data from Local System
  • T1199 - Trusted Relationship
  • T1212 - Exploitation for Credential Access
  • T1128 - Netsh Helper DLL
  • T1562.009 - Safe Mode Boot
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
Link to MITRE →

Turla

Score: 0.83
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1199 - Trusted Relationship
  • T1136.002 - Domain Account
  • T1212 - Exploitation for Credential Access
  • T1490 - Inhibit System Recovery
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
Link to MITRE →

Medusa Group

Score: 0.83
Matched TTPs:
  • T1204.001 - Malicious Link
  • T1199 - Trusted Relationship
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1128 - Netsh Helper DLL
  • T1094 - Custom Command and Control Protocol
  • T1059.009 - Cloud API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

APT29

Score: 0.81
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1199 - Trusted Relationship
  • T1592.004 - Client Configurations
  • T1140 - Deobfuscate/Decode Files or Information
  • T1490 - Inhibit System Recovery
  • T1606.002 - SAML Tokens
  • T1546.018 - Python Startup Hooks
  • T1138 - Application Shimming
Link to MITRE →

Volt Typhoon

Score: 0.75
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1199 - Trusted Relationship
  • T1212 - Exploitation for Credential Access
  • T1584.002 - DNS Server
  • T1562.009 - Safe Mode Boot
  • T1059.009 - Cloud API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1159 - Launch Agent
Link to MITRE →

Kimsuky

Score: 0.75
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1552.003 - Shell History
  • T1092 - Communication Through Removable Media
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

Sandworm Team

Score: 0.73
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1005 - Data from Local System
  • T1564.008 - Email Hiding Rules
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1204.001 - Malicious Link
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Ember Bear

Score: 0.70
Matched TTPs:
  • T1005 - Data from Local System
  • T1564.008 - Email Hiding Rules
  • T1136.002 - Domain Account
  • T1003.003 - NTDS
  • T1059.009 - Cloud API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

APT32

Score: 0.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1592.004 - Client Configurations
  • T1174 - Password Filter DLL
  • T1092 - Communication Through Removable Media
  • T1490 - Inhibit System Recovery
  • T1059.009 - Cloud API
Link to MITRE →

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1199 - Trusted Relationship
  • T1092 - Communication Through Removable Media
  • T1136.001 - Local Account
  • T1606.002 - SAML Tokens
  • T1159 - Launch Agent
Link to MITRE →

APT38

Score: 0.62
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1675 - ESXi Administration Command
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1597 - Search Closed Sources
Link to MITRE →

UNC3886

Score: 0.62
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
Link to MITRE →

APT28

Score: 0.61
Matched TTPs:
  • T1200 - Hardware Additions
  • T1588.003 - Code Signing Certificates
  • T1199 - Trusted Relationship
  • T1566.003 - Spearphishing via Service
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

FIN7

Score: 0.61
Matched TTPs:
  • T1011.001 - Exfiltration Over Bluetooth
  • T1199 - Trusted Relationship
  • T1092 - Communication Through Removable Media
  • T1490 - Inhibit System Recovery
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1200 - Hardware Additions
  • T1199 - Trusted Relationship
  • T1092 - Communication Through Removable Media
  • T1562.009 - Safe Mode Boot
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
Link to MITRE →

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1055.005 - Thread Local Storage
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
Link to MITRE →

Scattered Spider

Score: 0.58
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link
  • T1597 - Search Closed Sources
Link to MITRE →

Related CVEs

Pulse – Threat Actor Graph

