Trusted Design

Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine

概要

An exposed open directory revealed a comprehensive Roundcube exploitation toolkit used by APT28 to target Ukrainian government entities. The toolkit includes XSS payloads, a Flask-based C2 server, CSS injection tools, and a Go-based implant. It enables credential harvesting, persistent mail forwarding, bulk email exfiltration, address book theft, and 2FA secret extraction. The primary target was identified as mail.dmsu.gov.ua, Ukraine's State Migration Service. Technical analysis shows significant overlaps with previously documented APT28 operations, while introducing new capabilities such as CSS-based side-channel attacks and browser credential theft. The toolkit's modular approach and sophisticated evasion techniques demonstrate APT28's evolving tactics in compromising webmail platforms for long-term intelligence gathering.

Created: 2026-04-17

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 35.83
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1052.001 - Exfiltration over USB
  • T1095 - Non-Application Layer Protocol
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Kimsuky

Score: 40.05
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
MITREへのリンク →

Sea Turtle

Score: 23.55
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1078 - Valid Accounts
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Contagious Interview

Score: 27.27
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Daggerfly

Score: 9.00
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

GALLIUM

Score: 15.03
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

APT29

Score: 35.47
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1098.005 - Device Registration
  • T1218.005 - Mshta
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1027.006 - HTML Smuggling
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN13

Score: 17.26
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1083 - File and Directory Discovery
  • T1134.003 - Make and Impersonate Token
  • T1550.002 - Pass the Hash
MITREへのリンク →

Dragonfly

Score: 24.57
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1187 - Forced Authentication
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Ke3chang

Score: 18.76
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Agrius

Score: 9.37
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
MITREへのリンク →

APT41

Score: 31.84
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
MITREへのリンク →

APT5

Score: 9.21
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
MITREへのリンク →

menuPass

Score: 15.88
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
MITREへのリンク →

Threat Group-3390

Score: 17.13
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Wizard Spider

Score: 20.72
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
MITREへのリンク →

Ember Bear

Score: 18.02
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

Axiom

Score: 11.79
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
MITREへのリンク →

HEXANE

Score: 21.94
Matched TTPs:
  • T1583.002 - DNS Server
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1534 - Internal Spearphishing
  • T1018 - Remote System Discovery
MITREへのリンク →

RedCurl

Score: 8.04
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT1

Score: 12.53
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1550.002 - Pass the Hash
MITREへのリンク →

Chimera

Score: 19.33
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1556.001 - Domain Controller Authentication
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

Magic Hound

Score: 32.73
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Winter Vivern

Score: 16.29
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Moonstone Sleet

Score: 16.35
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 11.72
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

Lazarus Group

Score: 23.87
Matched TTPs:
  • T1587.001 - Malware
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

OilRig

Score: 18.18
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

UNC3886

Score: 15.31
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

LuminousMoth

Score: 18.04
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 26.33
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Play

Score: 9.63
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Aoqin Dragon

Score: 6.43
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1083 - File and Directory Discovery
MITREへのリンク →

Moses Staff

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
MITREへのリンク →

Turla

Score: 22.90
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

TeamTNT

Score: 14.64
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

FIN7

Score: 24.15
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

Scattered Spider

Score: 42.94
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
MITREへのリンク →

Storm-0501

Score: 10.87
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
  • T1219.002 - Remote Desktop Software
MITREへのリンク →

Sidewinder

Score: 11.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Silent Librarian

Score: 9.25
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
MITREへのリンク →

ZIRCONIUM

Score: 12.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
MITREへのリンク →

APT32

Score: 27.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1068 - Exploitation for Privilege Escalation
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 28.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 16.59
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 13.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 6.88
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

HAFNIUM

Score: 12.92
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
MITREへのリンク →

BRONZE BUTLER

Score: 8.93
Matched TTPs:
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Aquatic Panda

Score: 9.52
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1550.002 - Pass the Hash
MITREへのリンク →

Earth Lusca

Score: 25.66
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1210 - Exploitation of Remote Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Volt Typhoon

Score: 23.60
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

admin@338

Score: 3.82
Matched TTPs:
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
MITREへのリンク →

Rocke

Score: 11.87
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
MITREへのリンク →

INC Ransom

Score: 10.47
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Velvet Ant

Score: 6.54
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Gamaredon Group

Score: 27.54
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1095 - Non-Application Layer Protocol
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

Darkhotel

Score: 6.10
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

Tropic Trooper

Score: 8.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1083 - File and Directory Discovery
  • T1052.001 - Exfiltration over USB
MITREへのリンク →

LAPSUS$

Score: 18.05
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

IndigoZebra

Score: 4.18
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
MITREへのリンク →

TA577

Score: 4.03
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 15.80
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

TA2541

Score: 11.45
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

LazyScripter

Score: 9.65
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 7.94
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
MITREへのリンク →

TA505

Score: 11.45
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackByte

Score: 18.75
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1134.003 - Make and Impersonate Token
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

BITTER

Score: 8.25
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

Saint Bear

Score: 5.13
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 7.37
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 7.62
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
MITREへのリンク →

BackdoorDiplomacy

Score: 6.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

Medusa Group

Score: 14.41
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
MITREへのリンク →

Fox Kitten

Score: 14.11
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1078 - Valid Accounts
MITREへのリンク →

ToddyCat

Score: 9.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1134 - Access Token Manipulation
MITREへのリンク →

MuddyWater

Score: 16.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT39

Score: 9.07
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Akira

Score: 11.64
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

Storm-1811

Score: 9.31
Matched TTPs:
  • T1583.001 - Domains
  • T1486 - Data Encrypted for Impact
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Transparent Tribe

Score: 4.64
Matched TTPs:
  • T1583.001 - Domains
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

APT38

Score: 15.71
Matched TTPs:
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Leafminer

Score: 9.14
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

APT3

Score: 12.13
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
MITREへのリンク →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

Windigo

Score: 5.41
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

POLONIUM

Score: 3.77
Matched TTPs:
  • T1090 - Proxy
  • T1078 - Valid Accounts
MITREへのリンク →

Metador

Score: 5.12
Matched TTPs:
  • T1588.001 - Malware
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

Andariel

Score: 4.22
Matched TTPs:
  • T1588.001 - Malware
  • T1189 - Drive-by Compromise
MITREへのリンク →

Inception

Score: 3.64
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
MITREへのリンク →

Dark Caracal

Score: 5.59
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Lotus Blossom

Score: 6.69
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
MITREへのリンク →

Confucius

Score: 6.97
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1204.001 - Malicious Link
MITREへのリンク →

Tonto Team

Score: 4.84
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

FIN6

Score: 15.89
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN8

Score: 8.76
Matched TTPs:
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 4.88
Matched TTPs:
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1204.001 - Malicious Link
MITREへのリンク →

PLATINUM

Score: 6.53
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1189 - Drive-by Compromise
MITREへのリンク →

Cobalt Group

Score: 3.46
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1204.001 - Malicious Link
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1187 - Forced Authentication
MITREへのリンク →

Evilnum

Score: 4.29
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
MITREへのリンク →

RTM

Score: 4.69
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
MITREへのリンク →

Windshift

Score: 5.65
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Elderwood

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Scattered Spider

Score: 0.70
Matched TTPs:
  • T1588.001 - Malware
  • T1484.002 - Trust Modification
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1598.003 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1070.008 - Clear Mailbox Data
  • T1583.001 - Domains
  • T1486 - Data Encrypted for Impact
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1598.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1083 - File and Directory Discovery
MITREへのリンク →

Kimsuky

Score: 0.65
Matched TTPs:
  • T1534 - Internal Spearphishing
  • T1586.002 - Email Accounts
  • T1219.002 - Remote Desktop Software
  • T1598.003 - Spearphishing Link
  • T1557 - Adversary-in-the-Middle
  • T1583.001 - Domains
  • T1562.001 - Disable or Modify Tools
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598 - Phishing for Information
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
  • T1083 - File and Directory Discovery
MITREへのリンク →

Mustang Panda

Score: 0.58
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1219.002 - Remote Desktop Software
  • T1598.003 - Spearphishing Link
  • T1557 - Adversary-in-the-Middle
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1018 - Remote System Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1052.001 - Exfiltration over USB
  • T1204.001 - Malicious Link
  • T1083 - File and Directory Discovery
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

APT29

Score: 0.58
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.003 - Spearphishing via Service
  • T1078 - Valid Accounts
  • T1586.002 - Email Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1649 - Steal or Forge Authentication Certificates
  • T1190 - Exploit Public-Facing Application
  • T1587.001 - Malware
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
  • T1546.008 - Accessibility Features
  • T1098.005 - Device Registration
  • T1027.006 - HTML Smuggling
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る