Trusted Design

Approaching Cyclone: Vortex Werewolf Attacks Russia

Overview

A newly identified activity cluster, dubbed Vortex Werewolf, is distributing malware through phishing attacks targeting Russia. The lure is a fake web page that imitates a file download from Telegram: the victim believes they are fetching a file shared through the messenger and instead receives the payload. The campaign trades on users' trust in the popular messaging platform and appears to be aimed specifically at Russian users or organizations.
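The lure described above is a page that pretends to be a Telegram file download, so the first thing a defender can do with this pulse is look for such pages in egress telemetry. The following Python is an added example, not code from the pulse or from the report it summarizes. It scans proxy-log lines for hostnames that imitate Telegram in three common ways: a genuine Telegram domain used as a subdomain of an attacker-controlled domain, the brand name embedded in an unrelated hostname, and one- or two-character typosquats of "telegram"; it also flags Telegram branding combined with a download cue in the URL path of an unrelated host. The allow-list of legitimate Telegram hostnames, the log format and the log lines are all assumptions (the log lines are constructed, and the attacker domains use the reserved `.example` TLD).

```python
"""Flag proxy-log requests to hosts that imitate Telegram file-download pages.

Added example, not code from the pulse or the report it summarizes. The legitimate
Telegram hostnames, the log format and the log lines are assumptions / constructed data.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Assumed allow-list of legitimate Telegram hostnames (extend from your own telemetry).
LEGIT_TELEGRAM_HOSTS = {
    "telegram.org", "web.telegram.org", "desktop.telegram.org",
    "t.me", "telegram.me", "telesco.pe",
}
BRAND_TOKENS = ("telegram", "t-me", "tme")                      # brand strings a lure host might embed
DOWNLOAD_TOKENS = ("download", "file", "doc", "attach", "/dl")  # "you are fetching a file" cues

# Constructed log lines in an assumed "ts src_ip method url status" proxy format.
SAMPLE_LOG = """\
1772236800.101 10.0.4.21 GET https://web.telegram.org/a/ 200
1772236803.412 10.0.4.21 GET https://telegram-download.files-cdn.example/d/Report_2026.zip 200
1772236810.007 10.0.4.33 GET https://t.me.download-doc.example/file/contract.pdf 200
1772236811.550 10.0.4.33 GET https://te1egram.example/dl/1234 200
1772236820.900 10.0.4.50 GET https://example.com/index.html 200
"""
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")

@dataclass
class Finding:
    src_ip: str
    host: str
    url: str
    reason: str

def registrable_domain(host: str) -> str:
    """Naive registrable domain = last two labels (no public-suffix list, so co.uk-style TLDs are off by one)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character typosquats of 'telegram'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, path: str) -> Optional[str]:
    """Return why the request looks like a Telegram lure, or None if it does not."""
    host = host.lower()
    reg = registrable_domain(host)
    if host in LEGIT_TELEGRAM_HOSTS or reg in LEGIT_TELEGRAM_HOSTS:
        return None                                   # genuine Telegram
    for legit in LEGIT_TELEGRAM_HOSTS:
        if host.startswith(legit + "."):              # e.g. t.me.<attacker-domain>
            return f"legitimate domain '{legit}' used as a subdomain of {reg}"
    for token in BRAND_TOKENS:
        if token in host:                             # e.g. telegram-download.<attacker-domain>
            return f"brand token '{token}' in a non-Telegram hostname"
    sld = reg.split(".")[0]
    dist = edit_distance(sld, "telegram")
    if dist <= 2:                                     # e.g. te1egram.<tld>, telegrarn.<tld>
        return f"typosquat of 'telegram' (edit distance {dist})"
    lpath = path.lower()
    if any(t in lpath for t in BRAND_TOKENS) and any(t in lpath for t in DOWNLOAD_TOKENS):
        return "Telegram branding plus a download cue in the path of an unrelated host"
    return None

def scan(log_text: str) -> list:
    """Run classify_host over every parsable log line and collect the hits."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        parts = urlsplit(m["url"])
        if parts.hostname:
            reason = classify_host(parts.hostname, parts.path)
            if reason:
                findings.append(Finding(m["src"], parts.hostname, m["url"], reason))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.src_ip} -> {f.host}: {f.reason}")
```

Against the constructed sample the genuine `web.telegram.org` request and the unrelated `example.com` request pass, while the three lure shapes are reported with the reason that triggered them. The `.example` hostnames are placeholders; the pulse does not name the real lure domains, and the heuristics above are a starting point for hunting, not a list of indicators.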

Created: 2026-02-28

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 33.04
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1159 - Launch Agent

Kimsuky

Score: 54.65
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1656 - Impersonation

Sea Turtle

Score: 18.41
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Ember Bear

Score: 22.57
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation

Sandworm Team

Score: 40.90
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash

Volt Typhoon

Score: 33.98
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading

APT28

Score: 33.35
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI

ZIRCONIUM

Score: 19.40
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs

Leviathan

Score: 24.53
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 14.26
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service

Daggerfly

Score: 4.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI

GALLIUM

Score: 6.88
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

APT29

Score: 27.96
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1547.008 - LSASS Driver

FIN13

Score: 14.18
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Dragonfly

Score: 16.42
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Ke3chang

Score: 12.03
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Agrius

Score: 7.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT41

Score: 32.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1071.004 - DNS
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading

APT5

Score: 9.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling

menuPass

Score: 7.08
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship

Threat Group-3390

Score: 15.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Wizard Spider

Score: 15.97
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1038 - DLL Search Order Hijacking
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Axiom

Score: 18.77
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 24.26
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent

Lazarus Group

Score: 35.59
Matched TTPs:
  • T1071.004 - DNS
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1070.006 - Timestomp
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Scattered Spider

Score: 44.97
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window

Storm-0501

Score: 12.37
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie

BlackTech

Score: 6.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

MuddyWater

Score: 34.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

LuminousMoth

Score: 13.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Confucius

Score: 11.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32

Sidewinder

Score: 18.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Elderwood

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Machete

Score: 4.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

FIN7

Score: 22.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package

Transparent Tribe

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

FIN8

Score: 9.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie

APT32

Score: 23.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT3

Score: 16.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

APT1

Score: 5.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT33

Score: 9.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 14.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Molerats

Score: 4.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System

Magic Hound

Score: 27.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

OilRig

Score: 18.27
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1547.008 - LSASS Driver

Windshift

Score: 11.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 10.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

TA2541

Score: 15.65
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Earth Lusca

Score: 17.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

RedCurl

Score: 10.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot

Storm-1811

Score: 16.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1547.008 - LSASS Driver

Turla

Score: 26.20
Matched TTPs:
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

Patchwork

Score: 14.14
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

TA505

Score: 16.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

LazyScripter

Score: 13.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target

APT42

Score: 14.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

APT39

Score: 10.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Silent Librarian

Score: 7.15
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship

Star Blizzard

Score: 12.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship

Moonstone Sleet

Score: 16.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

CURIUM

Score: 13.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Saint Bear

Score: 8.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

Tropic Trooper

Score: 8.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

FIN6

Score: 13.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1547.008 - LSASS Driver

admin@338

Score: 3.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 10.82
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Gamaredon Group

Score: 46.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1547.002 - Authentication Package
  • T1203 - Exploitation for Client Execution
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie

Darkhotel

Score: 7.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

BITTER

Score: 7.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

Inception

Score: 14.18
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Ajax Security Team

Score: 5.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver

TA551

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid

Winter Vivern

Score: 11.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Higaisa

Score: 4.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32

Gorgon Group

Score: 3.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

APT19

Score: 3.49
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI

Malteiro

Score: 7.35
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

SideCopy

Score: 13.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Andariel

Score: 10.44
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT37

Score: 8.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

IndigoZebra

Score: 3.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

APT38

Score: 13.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

The White Company

Score: 4.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

PLATINUM

Score: 9.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall

HAFNIUM

Score: 14.91
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1203 - Exploitation for Client Execution

TeamTNT

Score: 12.01
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

BlackByte

Score: 19.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie

Contagious Interview

Score: 38.08
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Rocke

Score: 11.31
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie

BackdoorDiplomacy

Score: 7.44
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1203 - Exploitation for Client Execution

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall

Medusa Group

Score: 18.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie

Fox Kitten

Score: 14.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1656 - Impersonation

Cinnamon Tempest

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

ToddyCat

Score: 9.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1203 - Exploitation for Client Execution
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 12.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

UNC3886

Score: 11.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

Play

Score: 9.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Salt Typhoon

Score: 6.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1199 - Trusted Relationship

Akira

Score: 11.20
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

LAPSUS$

Score: 20.40
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1564.003 - Hidden Window

Stealth Falcon

Score: 4.03
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account

Leafminer

Score: 8.49
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Metador

Score: 5.97
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Aquatic Panda

Score: 7.00
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
Link to MITRE →

Velvet Ant

Score: 3.10
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
Link to MITRE →

Chimera

Score: 8.66
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1574 - Hijack Execution Flow
Link to MITRE →

Aoqin Dragon

Score: 3.64
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Dark Caracal

Score: 5.59
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Windigo

Score: 5.81
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Indrik Spider

Score: 6.66
Matched TTPs:
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1656 - Impersonation
  • T1091 - Replication Through Removable Media
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1037 - Boot or Logon Initialization Scripts
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1087.004 - Cloud Account
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1055.014 - VDSO Hijacking
  • T1219.001 - IDE Tunneling
  • T1562.012 - Disable or Modify Linux Audit System
  • T1690 - Prevent Command History Logging
  • T1598.003 - Spearphishing Link
  • T1051 - Shared Webroot
  • T1197 - BITS Jobs
  • T1506 - Web Session Cookie
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
Link to MITRE →

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1554 - Compromise Host Software Binary
  • T1547.002 - Authentication Package
  • T1203 - Exploitation for Client Execution
  • T1598.003 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1562.010 - Downgrade Attack
  • T1506 - Web Session Cookie
  • T1055.014 - VDSO Hijacking
  • T1091 - Replication Through Removable Media
  • T1061 - Graphical User Interface
  • T1597 - Search Closed Sources
  • T1218.012 - Verclsid
  • T1606.001 - Web Cookies
  • T1219.001 - IDE Tunneling
  • T1059.013 - Container CLI/API
Link to MITRE →

Scattered Spider

Score: 0.58
Matched TTPs:
  • T1583.001 - Domains
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1564.003 - Hidden Window
  • T1547.005 - Security Support Provider
  • T1051 - Shared Webroot
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1019 - System Firmware
  • T1197 - BITS Jobs
  • T1027 - Obfuscated Files or Information
  • T1136.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1619 - Cloud Storage Object Discovery
  • T1597 - Search Closed Sources
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph
