Trusted Design

The Return of the Kinsing

概要

A Canary Intelligence team analysis revealed the resurgence of the Kinsing malware, exploiting three CVEs: CVE-2023-46604 (ActiveMQ), CVE-2023-38646 (Metabase), and CVE-2025-55182 (React2Shell). The attacks, originating from IP 212.113.98.30, converged on a shared staging host at 78.153.140.16. The malware's tactics include downloading and installing a Go-based Linux binary and a stealthy libsystem.so component. The exploitation methods involve retrieving and executing malicious scripts, leading to the installation of Kinsing's core components. This cluster of activity demonstrates how older malware families can remain relevant by exploiting new vulnerabilities without significantly changing their core binaries.

Created: 2026-04-25

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 35.70
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1136.003 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 59.34
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
MITREへのリンク →

Sea Turtle

Score: 19.08
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
MITREへのリンク →

Contagious Interview

Score: 24.23
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 5.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

GALLIUM

Score: 11.59
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
MITREへのリンク →

APT29

Score: 34.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 19.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Dragonfly

Score: 33.29
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ke3chang

Score: 15.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Agrius

Score: 11.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT41

Score: 48.41
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1041 - Exfiltration Over C2 Channel
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

APT5

Score: 12.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

menuPass

Score: 12.16
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Threat Group-3390

Score: 20.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Wizard Spider

Score: 27.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ember Bear

Score: 23.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
MITREへのリンク →

Axiom

Score: 14.90
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

HEXANE

Score: 24.27
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
MITREへのリンク →

Scattered Spider

Score: 42.33
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Storm-0501

Score: 13.39
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Sidewinder

Score: 11.25
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 24.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1111 - Multi-Factor Authentication Interception
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 8.83
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
MITREへのリンク →

ZIRCONIUM

Score: 10.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 34.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 28.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT28

Score: 36.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1588.003 - Code Signing Certificates
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 10.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
MITREへのリンク →

Moonstone Sleet

Score: 16.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

CURIUM

Score: 15.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1555.003 - Credentials from Web Browsers
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 8.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

HAFNIUM

Score: 19.72
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Transparent Tribe

Score: 6.16
Matched TTPs:
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LuminousMoth

Score: 13.25
Matched TTPs:
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 24.48
Matched TTPs:
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 8.13
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BRONZE BUTLER

Score: 11.47
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

TeamTNT

Score: 12.94
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 8.20
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

OilRig

Score: 29.77
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Turla

Score: 27.12
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Aquatic Panda

Score: 7.07
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
MITREへのリンク →

Chimera

Score: 13.46
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1665 - Hide Infrastructure
MITREへのリンク →

Earth Lusca

Score: 23.15
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Volt Typhoon

Score: 35.65
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1665 - Hide Infrastructure
MITREへのリンク →

admin@338

Score: 3.99
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
MITREへのリンク →

APT1

Score: 6.74
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1668 - Exclusive Control
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

Gamaredon Group

Score: 29.06
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Aoqin Dragon

Score: 3.03
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
MITREへのリンク →

Darkhotel

Score: 6.27
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Tropic Trooper

Score: 13.23
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

TA2541

Score: 9.93
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 5.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 9.41
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
MITREへのリンク →

TA505

Score: 7.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackByte

Score: 23.39
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

BITTER

Score: 6.73
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 7.65
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

EXOTIC LILY

Score: 12.22
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 3.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Rocke

Score: 10.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
MITREへのリンク →

BackdoorDiplomacy

Score: 5.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Medusa Group

Score: 19.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Fox Kitten

Score: 18.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Cinnamon Tempest

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
MITREへのリンク →

ToddyCat

Score: 13.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component
MITREへのリンク →

Winter Vivern

Score: 8.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 13.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
MITREへのリンク →

INC Ransom

Score: 5.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

UNC3886

Score: 14.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Moses Staff

Score: 7.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Play

Score: 6.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
MITREへのリンク →

MuddyWater

Score: 14.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 8.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
MITREへのリンク →

APT39

Score: 8.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Akira

Score: 10.22
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT38

Score: 26.67
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1218.012 - Verclsid
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silence

Score: 7.44
Matched TTPs:
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1134 - Access Token Manipulation
MITREへのリンク →

Cobalt Group

Score: 5.91
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT37

Score: 4.22
Matched TTPs:
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Velvet Ant

Score: 6.60
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
MITREへのリンク →

PLATINUM

Score: 8.99
Matched TTPs:
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Lazarus Group

Score: 21.44
Matched TTPs:
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

LAPSUS$

Score: 20.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
MITREへのリンク →

Tonto Team

Score: 6.61
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

TA551

Score: 4.86
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
MITREへのリンク →

Lotus Blossom

Score: 6.86
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT19

Score: 3.24
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT3

Score: 10.32
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Stealth Falcon

Score: 5.09
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Naikon

Score: 3.01
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
MITREへのリンク →

Higaisa

Score: 4.30
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
MITREへのリンク →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Windigo

Score: 4.11
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

Confucius

Score: 6.53
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

Storm-1811

Score: 12.33
Matched TTPs:
  • T1196 - Control Panel Items
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Dark Caracal

Score: 7.73
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN5

Score: 4.07
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
MITREへのリンク →

FIN6

Score: 16.81
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN8

Score: 7.34
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 3.46
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Evilnum

Score: 4.29
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

RTM

Score: 4.69
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Windshift

Score: 5.65
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leafminer

Score: 3.31
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1003.007 - Proc Filesystem
  • T1041 - Exfiltration Over C2 Channel
  • T1027.018 - Invisible Unicode
  • T1690 - Prevent Command History Logging
  • T1566.002 - Spearphishing Link
  • T1037 - Boot or Logon Initialization Scripts
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1665 - Hide Infrastructure
  • T1197 - BITS Jobs
  • T1003.003 - NTDS
  • T1565.002 - Transmitted Data Manipulation
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1684 - Social Engineering
  • T1055.014 - VDSO Hijacking
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608 - Stage Capabilities
  • T1134.002 - Create Process with Token
  • T1668 - Exclusive Control
MITREへのリンク →

APT41

Score: 0.57
Matched TTPs:
  • T1684 - Social Engineering
  • T1548.006 - TCC Manipulation
  • T1041 - Exfiltration Over C2 Channel
  • T1177 - LSASS Driver
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.002 - DLL Side-Loading
  • T1134 - Access Token Manipulation
  • T1590.006 - Network Security Appliances
  • T1668 - Exclusive Control
  • T1045 - Software Packing
  • T1037.001 - Logon Script (Windows)
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1097 - Pass the Ticket
MITREへのリンク →

Related CVEs

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る