Trusted Design

Phantom Footprints: Tracking GhostSocks Malware

Summary

GhostSocks is an emerging threat that turns compromised devices into residential proxy nodes, enabling attackers to evade detection. Originally marketed on Russian underground forums as Malware-as-a-Service, it has gained popularity through its partnership with Lumma Stealer. Written in Go, GhostSocks uses the SOCKS5 proxy protocol and TLS encryption to blend malicious traffic into normal network activity. It also incorporates backdoor functionality for running arbitrary commands and deploying additional payloads. Darktrace observed an increase in GhostSocks activity, detecting it alongside Lumma Stealer in customer networks. The malware's versatility in converting devices into proxy nodes while enabling covert network access illustrates how threat actors maximize the value of compromised infrastructure.

Created: 2026-05-01

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 11.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
Link to MITRE →

menuPass

Score: 13.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Wizard Spider

Score: 21.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1556 - Modify Authentication Process
Link to MITRE →

APT33

Score: 6.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1039 - Data from Network Shared Drive
  • T1556 - Modify Authentication Process
Link to MITRE →

Fox Kitten

Score: 10.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

CopyKittens

Score: 4.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
Link to MITRE →

Volt Typhoon

Score: 35.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1574.002 - DLL Side-Loading
Link to MITRE →

APT1

Score: 8.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1668 - Exclusive Control
Link to MITRE →

Mustang Panda

Score: 36.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1136.003 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 12.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
Link to MITRE →

Chimera

Score: 20.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1212 - Exploitation for Credential Access
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
Link to MITRE →

Sea Turtle

Score: 14.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API
Link to MITRE →

APT39

Score: 11.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

RedCurl

Score: 6.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1209 - Time Providers
Link to MITRE →

APT5

Score: 14.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Agrius

Score: 12.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

GALLIUM

Score: 13.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
Link to MITRE →

APT41

Score: 37.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading
Link to MITRE →

MuddyWater

Score: 15.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
Link to MITRE →

APT28

Score: 28.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Turla

Score: 28.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1176 - Software Extensions
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Sowbug

Score: 4.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1219.001 - IDE Tunneling
Link to MITRE →

BRONZE BUTLER

Score: 8.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

UNC3886

Score: 23.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
Link to MITRE →

Kimsuky

Score: 48.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
Link to MITRE →

APT3

Score: 13.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
Link to MITRE →

FIN8

Score: 10.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1556 - Modify Authentication Process
Link to MITRE →

Ke3chang

Score: 20.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1134 - Access Token Manipulation
Link to MITRE →

Lotus Blossom

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

FIN13

Score: 26.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1209 - Time Providers
  • T1668 - Exclusive Control
Link to MITRE →

Earth Lusca

Score: 20.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.004 - Application or System Exploitation
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Magic Hound

Score: 32.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
Link to MITRE →

Aquatic Panda

Score: 6.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
Link to MITRE →

INC Ransom

Score: 13.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
Link to MITRE →

Akira

Score: 14.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

ToddyCat

Score: 12.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

APT38

Score: 28.07
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Ajax Security Team

Score: 4.46
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1547.008 - LSASS Driver
Link to MITRE →

Darkhotel

Score: 8.03
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1058 - Service Registry Permissions Weakness
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Tonto Team

Score: 7.18
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1212 - Exploitation for Credential Access
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Threat Group-3390

Score: 16.87
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Lazarus Group

Score: 29.75
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

PLATINUM

Score: 5.80
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Sandworm Team

Score: 24.73
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

OilRig

Score: 28.47
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access
  • T1048 - Exfiltration Over Alternative Protocol
  • T1039 - Data from Network Shared Drive
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

APT42

Score: 6.19
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
Link to MITRE →

HEXANE

Score: 22.06
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1499.003 - Application Exhaustion Flood
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access
  • T1134 - Access Token Manipulation
Link to MITRE →

APT32

Score: 32.05
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1556 - Modify Authentication Process
Link to MITRE →

Contagious Interview

Score: 30.53
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN6

Score: 19.24
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Mustard Tempest

Score: 8.28
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Daggerfly

Score: 4.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT29

Score: 32.68
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1036.004 - Masquerade Task or Service
  • T1218.012 - Verclsid
  • T1039 - Data from Network Shared Drive
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 17.09
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Ember Bear

Score: 16.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
Link to MITRE →

Axiom

Score: 10.37
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Moonstone Sleet

Score: 17.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

Indrik Spider

Score: 10.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

LuminousMoth

Score: 14.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
Link to MITRE →

Salt Typhoon

Score: 13.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1556 - Modify Authentication Process
Link to MITRE →

Aoqin Dragon

Score: 6.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1219.001 - IDE Tunneling
Link to MITRE →

Moses Staff

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
Link to MITRE →

TeamTNT

Score: 17.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1071.003 - Mail Protocols
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1209 - Time Providers
Link to MITRE →

FIN7

Score: 19.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Medusa Group

Score: 26.44
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Scattered Spider

Score: 43.18
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
Link to MITRE →

Storm-0501

Score: 17.34
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1090.004 - Domain Fronting
Link to MITRE →

Sidewinder

Score: 9.72
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
Link to MITRE →

Silent Librarian

Score: 8.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
Link to MITRE →

ZIRCONIUM

Score: 9.97
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
Link to MITRE →

Star Blizzard

Score: 15.93
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
Link to MITRE →

CURIUM

Score: 14.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 5.52
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gamaredon Group

Score: 16.04
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
Link to MITRE →

Tropic Trooper

Score: 11.97
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1209 - Time Providers
Link to MITRE →

LAPSUS$

Score: 15.67
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1039 - Data from Network Shared Drive
  • T1564.003 - Hidden Window
Link to MITRE →

Leviathan

Score: 16.75
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 6.11
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
Link to MITRE →

LazyScripter

Score: 4.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
Link to MITRE →

SideCopy

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
Link to MITRE →

TA505

Score: 6.11
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
Link to MITRE →

BlackByte

Score: 21.43
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

BITTER

Score: 4.07
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Saint Bear

Score: 3.77
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
Link to MITRE →

EXOTIC LILY

Score: 10.63
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
Link to MITRE →

Rocke

Score: 12.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

BackdoorDiplomacy

Score: 4.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1209 - Time Providers
Link to MITRE →

BlackTech

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
Link to MITRE →

Cinnamon Tempest

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
Link to MITRE →

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
Link to MITRE →

Winter Vivern

Score: 10.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

Velvet Ant

Score: 11.30
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Deep Panda

Score: 7.57
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
  • T1134 - Access Token Manipulation
Link to MITRE →

Inception

Score: 6.39
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
Link to MITRE →

admin@338

Score: 6.19
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1212 - Exploitation for Credential Access
Link to MITRE →

Dark Caracal

Score: 9.03
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Confucius

Score: 5.61
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
Link to MITRE →

Windigo

Score: 3.06
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Leafminer

Score: 6.37
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Andariel

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA551

Score: 5.09
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Silence

Score: 4.98
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1134 - Access Token Manipulation
Link to MITRE →

Cobalt Group

Score: 6.61
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1209 - Time Providers
Link to MITRE →

Storm-1811

Score: 4.86
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver
Link to MITRE →

APT19

Score: 4.51
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Windshift

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Naikon

Score: 3.31
Matched TTPs:
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1219.001 - IDE Tunneling
  • T1183 - Image File Execution Options Injection
  • T1016.001 - Internet Connection Discovery
  • T1690 - Prevent Command History Logging
  • T1087.004 - Cloud Account
  • T1668 - Exclusive Control
  • T1596.003 - Digital Certificates
  • T1024 - Custom Cryptographic Protocol
  • T1197 - BITS Jobs
  • T1218.012 - Verclsid
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1003.003 - NTDS
Link to MITRE →

Scattered Spider

Score: 0.62
Matched TTPs:
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1219.001 - IDE Tunneling
  • T1134 - Access Token Manipulation
  • T1019 - System Firmware
  • T1566.002 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027 - Obfuscated Files or Information
  • T1547.005 - Security Support Provider
  • T1027.002 - Software Packing
  • T1090.004 - Domain Fronting
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

