Pulse Detail-

An Update on Winnti

概要

The group continues to primarily use publicly available pentesting tools outside of the US. In the multiple incidents we have been involved in, the group has relied heavily on BeEF and Cobalt Strike. Cobalt Strike has been their primary toolset for command and control within the victim networks, while BeEF has been used to assist in the initial infection process. On the network traffic analysis end, post compromise activity results in some interesting but not unexpected activity. First, Winnti uses Cobalt Strike to collect credentials and move laterally. The stolen credentials may be used for remote access into the victim network if applicable. The group also continues to focus on theft of code signing certificates and internal documentation, including company files and internal communication history (chats/emails).

Created: 2026-02-23

Indicators

類似Pulses

Winnti is now targeting pharmaceutical companies (score: 0.57)
Threat Group-3390 Targets Organizations for Cyberespionage (score: 0.55)
Untangling the Patchwork Cyberespionage Group (score: 0.52)
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors (score: 0.51)
New traces of Hacking Team in the wild (score: 0.51)

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 17.91

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1552.003 - Shell History
T1199 - Trusted Relationship
T1557.002 - ARP Cache Poisoning
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1588.005 - Exploits

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy

MITREへのリンク →

Magic Hound

Score: 8.26

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

HEXANE

Score: 6.02

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

APT29

Score: 7.04

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Gamaredon Group

Score: 13.71

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1200 - Hardware Additions
T1547.013 - XDG Autostart Entries
T1546.017 - Udev Rules

MITREへのリンク →

TA2541

Score: 10.27

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1546.017 - Udev Rules

MITREへのリンク →

Lotus Blossom

Score: 6.52

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 11.47

Matched TTPs:

T1099 - Timestomp
T1552.003 - Shell History
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1569.002 - Service Execution

MITREへのリンク →

HAFNIUM

Score: 6.19

Matched TTPs:

T1099 - Timestomp
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Turla

Score: 18.66

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1556.009 - Conditional Access Policies
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

Volt Typhoon

Score: 18.55

Matched TTPs:

T1099 - Timestomp
T1164 - Re-opened Applications
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1569.002 - Service Execution

MITREへのリンク →

FIN8

Score: 11.92

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion

MITREへのリンク →

Sandworm Team

Score: 12.32

Matched TTPs:

T1583.005 - Botnet
T1586.002 - Email Accounts
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Kimsuky

Score: 17.39

Matched TTPs:

T1583.005 - Botnet
T1552.003 - Shell History
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1490 - Inhibit System Recovery

MITREへのリンク →

Velvet Ant

Score: 16.01

Matched TTPs:

T1583.005 - Botnet
T1128 - Netsh Helper DLL
T1566.004 - Spearphishing Voice
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

Salt Typhoon

Score: 3.88

Matched TTPs:

T1583.005 - Botnet
T1199 - Trusted Relationship

MITREへのリンク →

APT33

Score: 8.79

Matched TTPs:

T1583.005 - Botnet
T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

UNC3886

Score: 8.71

Matched TTPs:

T1583.005 - Botnet
T1566.004 - Spearphishing Voice
T1055.015 - ListPlanting

MITREへのリンク →

DarkVishnya

Score: 11.01

Matched TTPs:

T1583.005 - Botnet
T1586.002 - Email Accounts
T1199 - Trusted Relationship
T1213.003 - Code Repositories

MITREへのリンク →

APT28

Score: 22.67

Matched TTPs:

T1583.005 - Botnet
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1200 - Hardware Additions
T1547.013 - XDG Autostart Entries
T1588.003 - Code Signing Certificates
T1546.007 - Netsh Helper DLL

MITREへのリンク →

TeamTNT

Score: 3.37

Matched TTPs:

T1586.002 - Email Accounts
T1547.013 - XDG Autostart Entries

MITREへのリンク →

OilRig

Score: 18.82

Matched TTPs:

T1586.002 - Email Accounts
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1055.015 - ListPlanting

MITREへのリンク →

FIN7

Score: 17.12

Matched TTPs:

T1586.002 - Email Accounts
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1055.015 - ListPlanting
T1490 - Inhibit System Recovery

MITREへのリンク →

INC Ransom

Score: 13.02

Matched TTPs:

T1586.002 - Email Accounts
T1552.003 - Shell History
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Medusa Group

Score: 28.98

Matched TTPs:

T1586.002 - Email Accounts
T1218.003 - CMSTP
T1552.003 - Shell History
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1566.004 - Spearphishing Voice
T1598 - Phishing for Information
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Carbanak

Score: 3.44

Matched TTPs:

T1586.002 - Email Accounts
T1199 - Trusted Relationship

MITREへのリンク →

MuddyWater

Score: 6.96

Matched TTPs:

T1586.002 - Email Accounts
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Akira

Score: 6.76

Matched TTPs:

T1586.002 - Email Accounts
T1552.003 - Shell History
T1622 - Debugger Evasion

MITREへのリンク →

BlackByte

Score: 9.65

Matched TTPs:

T1586.002 - Email Accounts
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Cobalt Group

Score: 11.36

Matched TTPs:

T1586.002 - Email Accounts
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Threat Group-3390

Score: 14.81

Matched TTPs:

T1218.003 - CMSTP
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1546.017 - Udev Rules

MITREへのリンク →

Winter Vivern

Score: 5.31

Matched TTPs:

T1548 - Abuse Elevation Control Mechanism
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LAPSUS$

Score: 17.90

Matched TTPs:

T1020 - Automated Exfiltration
T1596.004 - CDNs
T1199 - Trusted Relationship
T1557.002 - ARP Cache Poisoning
T1588.005 - Exploits

MITREへのリンク →

Contagious Interview

Score: 3.37

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship

MITREへのリンク →

Cinnamon Tempest

Score: 4.15

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-0501

Score: 5.27

Matched TTPs:

T1552.003 - Shell History
T1027.014 - Polymorphic Code

MITREへのリンク →

Play

Score: 6.82

Matched TTPs:

T1552.003 - Shell History
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Wizard Spider

Score: 21.56

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1556.009 - Conditional Access Policies
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Fox Kitten

Score: 12.05

Matched TTPs:

T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1588.005 - Exploits

MITREへのリンク →

Earth Lusca

Score: 6.43

Matched TTPs:

T1059.001 - PowerShell
T1199 - Trusted Relationship
T1546.016 - Installer Packages

MITREへのリンク →

Ember Bear

Score: 4.98

Matched TTPs:

T1059.001 - PowerShell
T1566.004 - Spearphishing Voice

MITREへのリンク →

Tonto Team

Score: 3.52

Matched TTPs:

T1059.001 - PowerShell
T1547.013 - XDG Autostart Entries

MITREへのリンク →

menuPass

Score: 9.05

Matched TTPs:

T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Dragonfly

Score: 12.00

Matched TTPs:

T1059.001 - PowerShell
T1199 - Trusted Relationship
T1200 - Hardware Additions
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Mustang Panda

Score: 9.32

Matched TTPs:

T1169 - Sudo
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1526 - Cloud Service Discovery

MITREへのリンク →

Inception

Score: 6.75

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1200 - Hardware Additions

MITREへのリンク →

BlackTech

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

Storm-1811

Score: 3.86

Matched TTPs:

T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BRONZE BUTLER

Score: 4.66

Matched TTPs:

T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 11.35

Matched TTPs:

T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1055.015 - ListPlanting

MITREへのリンク →

APT39

Score: 8.60

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

GALLIUM

Score: 3.86

Matched TTPs:

T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN6

Score: 7.64

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Patchwork

Score: 3.27

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Sea Turtle

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

WIRTE

Score: 4.37

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ke3chang

Score: 4.02

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Lazarus Group

Score: 12.47

Matched TTPs:

T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1055.015 - ListPlanting
T1569.002 - Service Execution

MITREへのリンク →

FIN10

Score: 7.40

Matched TTPs:

T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1622 - Debugger Evasion
T1490 - Inhibit System Recovery

MITREへのリンク →

Aquatic Panda

Score: 3.27

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Aoqin Dragon

Score: 3.08

Matched TTPs:

T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice

MITREへのリンク →

APT38

Score: 4.02

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT32

Score: 11.67

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1490 - Inhibit System Recovery

MITREへのリンク →

Silence

Score: 5.67

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Chimera

Score: 10.94

Matched TTPs:

T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT19

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code

MITREへのリンク →

APT42

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1128 - Netsh Helper DLL

MITREへのリンク →

Blue Mockingbird

Score: 12.18

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1001.001 - Junk Data

MITREへのリンク →

DarkHydrus

Score: 4.00

Matched TTPs:

T1199 - Trusted Relationship
T1200 - Hardware Additions

MITREへのリンク →

RedCurl

Score: 5.78

Matched TTPs:

T1542.004 - ROMMONkit
T1128 - Netsh Helper DLL

MITREへのリンク →

Sowbug

Score: 3.03

Matched TTPs:

T1542.004 - ROMMONkit

MITREへのリンク →

TA551

Score: 3.52

Matched TTPs:

T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leviathan

Score: 11.16

Matched TTPs:

T1027.014 - Polymorphic Code
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1546.017 - Udev Rules

MITREへのリンク →

Tropic Trooper

Score: 9.34

Matched TTPs:

T1128 - Netsh Helper DLL
T1200 - Hardware Additions
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Agrius

Score: 3.88

Matched TTPs:

T1566.004 - Spearphishing Voice
T1622 - Debugger Evasion

MITREへのリンク →

Stealth Falcon

Score: 3.62

Matched TTPs:

T1556.009 - Conditional Access Policies

MITREへのリンク →

Confucius

Score: 3.93

Matched TTPs:

T1200 - Hardware Additions
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Daggerfly

Score: 3.61

Matched TTPs:

T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Indrik Spider

Score: 5.26

Matched TTPs:

T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

PLATINUM

Score: 5.31

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1686 - Disable or Modify System Firewall

MITREへのリンク →

Molerats

Score: 3.93

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1546.017 - Udev Rules

MITREへのリンク →

Moonstone Sleet

Score: 3.17

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Axiom

Score: 6.19

Matched TTPs:

T1622 - Debugger Evasion
T1160 - Launch Daemon

MITREへのリンク →

Higaisa

Score: 6.08

Matched TTPs:

T1569.002 - Service Execution
T1546.017 - Udev Rules

MITREへのリンク →

Mofang

Score: 3.15

Matched TTPs:

T1546.017 - Udev Rules

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Medusa Group

Score: 0.83

Matched TTPs:

T1128 - Netsh Helper DLL
T1199 - Trusted Relationship
T1094 - Custom Command and Control Protocol
T1218.003 - CMSTP
T1552.003 - Shell History
T1586.002 - Email Accounts
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1547.013 - XDG Autostart Entries
T1566.004 - Spearphishing Voice
T1598 - Phishing for Information

MITREへのリンク →

APT28

Score: 0.63

Matched TTPs:

T1588.003 - Code Signing Certificates
T1199 - Trusted Relationship
T1059.001 - PowerShell
T1546.007 - Netsh Helper DLL
T1583.005 - Botnet
T1542.004 - ROMMONkit
T1200 - Hardware Additions
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Wizard Spider

Score: 0.61

Matched TTPs:

T1556.009 - Conditional Access Policies
T1199 - Trusted Relationship
T1059.001 - PowerShell
T1567.001 - Exfiltration to Code Repository
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1526 - Cloud Service Discovery
T1547.013 - XDG Autostart Entries
T1566.004 - Spearphishing Voice

MITREへのリンク →

Turla

Score: 0.57

Matched TTPs:

T1099 - Timestomp
T1490 - Inhibit System Recovery
T1556.009 - Conditional Access Policies
T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1569.002 - Service Execution
T1547.013 - XDG Autostart Entries
T1566.004 - Spearphishing Voice

MITREへのリンク →

Volt Typhoon

Score: 0.57

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1546.016 - Installer Packages
T1622 - Debugger Evasion
T1569.002 - Service Execution
T1164 - Re-opened Applications
T1566.004 - Spearphishing Voice

MITREへのリンク →

LAPSUS$

Score: 0.56

Matched TTPs:

T1588.005 - Exploits
T1020 - Automated Exfiltration
T1199 - Trusted Relationship
T1596.004 - CDNs
T1557.002 - ARP Cache Poisoning

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

An Update on Winnti

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ