Trusted Design

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis

Overview

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns: encryption, hosting, antimalware evasion, spamming, and many others......

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 62.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sea Turtle

Score: 10.47
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Ember Bear

Score: 20.57
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS

Indrik Spider

Score: 12.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages

Agrius

Score: 4.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information

Contagious Interview

Score: 41.21
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1059.006 - Python
  • T1221 - Template Injection

Sandworm Team

Score: 44.46
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Star Blizzard

Score: 11.60
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 53.72
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1491 - Defacement
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading

LAPSUS$

Score: 26.44
Matched TTPs:
  • T1216.001 - PubPrn
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1065 - Uncommonly Used Port
  • T1588.005 - Exploits

FIN6

Score: 6.52
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship

CopyKittens

Score: 4.00
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship

Mustang Panda

Score: 35.80
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

UNC3886

Score: 14.80
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

Lotus Blossom

Score: 6.24
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer

Lazarus Group

Score: 26.25
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage

APT28

Score: 31.06
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1566.003 - Spearphishing via Service

ZIRCONIUM

Score: 12.73
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer

Leviathan

Score: 22.38
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Mustard Tempest

Score: 11.31
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

Silent Librarian

Score: 6.59
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 17.66
Matched TTPs:
  • T1114 - Email Collection
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

FIN13

Score: 10.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Moonstone Sleet

Score: 13.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1057 - Process Discovery

OilRig

Score: 15.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer

LuminousMoth

Score: 10.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 16.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm

Play

Score: 8.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 8.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Turla

Score: 27.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Ke3chang

Score: 10.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

TeamTNT

Score: 11.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1506 - Web Session Cookie

FIN7

Score: 25.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port

Sidewinder

Score: 8.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Scattered Spider

Score: 15.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1491 - Defacement
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits

APT32

Score: 18.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 21.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI

CURIUM

Score: 10.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Dragonfly

Score: 19.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Patchwork

Score: 11.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

HAFNIUM

Score: 19.33
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

Transparent Tribe

Score: 6.29
Matched TTPs:
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Threat Group-3390

Score: 16.95
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI

BRONZE BUTLER

Score: 12.66
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1008 - Fallback Channels

Aquatic Panda

Score: 7.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

Chimera

Score: 12.33
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1570 - Lateral Tool Transfer

Earth Lusca

Score: 19.51
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

APT1

Score: 5.83
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

TA2541

Score: 9.19
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

LazyScripter

Score: 8.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target

Gamaredon Group

Score: 25.27
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie

SideCopy

Score: 6.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

TA505

Score: 5.28
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

BlackByte

Score: 7.58
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie

BITTER

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

HEXANE

Score: 15.21
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

APT42

Score: 7.24
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

Rocke

Score: 12.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1008 - Fallback Channels

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

BlackTech

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Medusa Group

Score: 17.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information

Storm-0501

Score: 5.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

Fox Kitten

Score: 13.36
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1491 - Defacement
  • T1612 - Build Image on Host
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits

Cinnamon Tempest

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

ToddyCat

Score: 3.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie

Winter Vivern

Score: 11.39
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Axiom

Score: 8.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT41

Score: 21.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels

MuddyWater

Score: 16.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

APT39

Score: 6.95
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

Wizard Spider

Score: 7.29
Matched TTPs:
  • T1038 - DLL Search Order Hijacking
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

APT38

Score: 7.80
Matched TTPs:
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Andariel

Score: 9.56
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Inception

Score: 7.61
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

FIN8

Score: 5.27
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

Malteiro

Score: 4.42
Matched TTPs:
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

Confucius

Score: 3.51
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

FIN4

Score: 4.13
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness

Storm-1811

Score: 5.39
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact

Cobalt Group

Score: 4.24
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Tropic Trooper

Score: 9.76
Matched TTPs:
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

APT37

Score: 5.66
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

The White Company

Score: 3.39
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Elderwood

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 5.16
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 6.83
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Windshift

Score: 6.41
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Equation

Score: 4.13
Matched TTPs:
  • T1037.001 - Logon Script (Windows)

Velvet Ant

Score: 4.13
Matched TTPs:
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
  • T1008 - Fallback Channels
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1057 - Process Discovery
  • T1506 - Web Session Cookie
  • T1690 - Prevent Command History Logging
  • T1055.014 - VDSO Hijacking
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1152 - Launchctl
  • T1102.003 - One-Way Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.002 - Spearphishing Link
  • T1683.001 - Written Content
  • T1003.007 - Proc Filesystem
  • T1608.005 - Link Target
  • T1114 - Email Collection
  • T1547.002 - Authentication Package
  • T1003.003 - NTDS

Volt Typhoon

Score: 0.71
Matched TTPs:
  • T1574.002 - DLL Side-Loading
  • T1570 - Lateral Tool Transfer
  • T1065 - Uncommonly Used Port
  • T1049 - System Network Connections Discovery
  • T1003.007 - Proc Filesystem
  • T1057 - Process Discovery
  • T1114 - Email Collection
  • T1164 - Re-opened Applications
  • T1159 - Launch Agent
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1553.002 - Code Signing
  • T1102.003 - One-Way Communication
  • T1546.016 - Installer Packages
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1491 - Defacement

Sandworm Team

Score: 0.63
Matched TTPs:
  • T1005 - Data from Local System
  • T1566.002 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1049 - System Network Connections Discovery
  • T1114 - Email Collection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.008 - Email Hiding Rules
  • T1547.002 - Authentication Package
  • T1102.003 - One-Way Communication
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication

Contagious Interview

Score: 0.57
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1059.006 - Python
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1044 - File System Permissions Weakness
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1033 - System Owner/User Discovery
  • T1218.008 - Odbcconf

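The two listings above are only as comparable as their technique IDs, and the page mixes current ATT&CK IDs with pre-2020 IDs that ATT&CK has since revoked (T1152 and T1569.001 are both Launchctl; T1193 is the old ID for what is now T1566.001; T1506 became T1550.004). Before ranking actors by TTP overlap, normalize the IDs. The script below is an added example by the editor, not code from the original page or from any vendor's tooling. It parses the plain-text layout used on this page, maps revoked IDs through a hand-written table (the editor's own assumption; check it against the ATT&CK release you actually use), and reports which normalized techniques are shared across actors. The sample input is three actor blocks copied verbatim from the listing above.

```python
"""Parse the 'Matched TTPs' listing on this page and normalize the IDs.

Editor's added example, not code from the page or from any vendor tool.
Assumes the plain-text layout shown above: an actor name line, 'Score: N',
'Matched TTPs:', then bullet lines of the form 'Txxxx - Name'. REVOKED is
the editor's own table of pre-sub-technique IDs that ATT&CK revoked in
2020; check it against the ATT&CK release you use before relying on it.
"""
import re
from collections import Counter

# Constructed sample: three actor blocks copied verbatim from the listing above.
SAMPLE = """\
Mustang Panda

Score: 35.80
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

Agrius

Score: 4.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
"""

# Revoked ID -> successor ID (None = deprecated with no replacement). Editor's table.
REVOKED = {
    "T1002": "T1560",      # Data Compressed -> Archive Collected Data
    "T1038": "T1574.001",  # DLL Search Order Hijacking
    "T1044": "T1574.010",  # File System Permissions Weakness
    "T1065": "T1571",      # Uncommonly Used Port -> Non-Standard Port
    "T1148": "T1562.003",  # HISTCONTROL -> Impair Command History Logging
    "T1152": "T1569.001",  # Launchctl
    "T1159": "T1543.001",  # Launch Agent
    "T1164": "T1547.007",  # Re-opened Applications
    "T1169": "T1548.003",  # Sudo -> Sudo and Sudo Caching
    "T1193": "T1566.001",  # Spearphishing Attachment
    "T1506": "T1550.004",  # Web Session Cookie
    "T1149": None,         # LC_MAIN Hijacking, deprecated outright
}

TTP_RE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")
SCORE_RE = re.compile(r"^Score:\s*([\d.]+)\s*$")


def parse_listing(text):
    """Return {actor: {"score": float, "ttps": [ids in page order]}}."""
    actors, current = {}, None
    for line in text.splitlines():
        if m := SCORE_RE.match(line):
            actors[current]["score"] = float(m.group(1))
        elif m := TTP_RE.match(line):
            actors[current]["ttps"].append(m.group(1))
        elif line.strip() and line.strip() != "Matched TTPs:":
            current = line.strip()  # any other non-empty line starts a new actor
            actors[current] = {"score": 0.0, "ttps": []}
    return actors


def normalize(ttps):
    """Map revoked IDs to successors, drop deprecated ones, collapse duplicates.

    Returns (ids, notes); notes record every rewrite and every bullet that
    turned out to be the same technique as an earlier one.
    """
    ids, notes = [], []
    for tid in ttps:
        new = REVOKED.get(tid, tid)
        if tid in REVOKED:
            notes.append(f"{tid} -> {new or 'deprecated'}")
        if new is None:
            continue
        if new in ids:
            notes.append(f"{new} counted twice after normalization")
            continue
        ids.append(new)
    return ids, notes


def shared_ttps(actors, min_actors=2):
    """Normalized techniques matched for at least min_actors of the actors."""
    counts = Counter()
    for info in actors.values():
        counts.update(set(normalize(info["ttps"])[0]))
    return {tid: n for tid, n in counts.items() if n >= min_actors}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for name, info in parsed.items():
        ids, notes = normalize(info["ttps"])
        print(f"{name}: score {info['score']}, {len(info['ttps'])} bullets -> {len(ids)} techniques")
        for note in notes:
            print("   ", note)
    print("shared by 2+ actors:", shared_ttps(parsed))
```

Run it against the full listing by pasting the page text into SAMPLE: any actor whose bullet count shrinks after normalization had the same technique counted under two IDs, and the "shared by 2+ actors" output shows which techniques (T1199, T1140 and T1606.002 on this page) are so common across actors that they carry little attribution weight on their own.
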
Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

