Trusted Design

Threat Actor Targets Arabian Gulf Region With PlugX

概要

In March 2026, a China-nexus threat actor launched a sophisticated campaign targeting countries in the Arabian Gulf region, exploiting renewed Middle East conflict themes within 24 hours of escalation. The attack utilized Arabic-language lures depicting missile strikes and employed a multi-stage infection chain beginning with weaponized ZIP archives containing malicious LNK and CHM files. The campaign deployed a heavily obfuscated PlugX backdoor variant through DLL sideloading, with components using control flow flattening and mixed boolean arithmetic techniques. The backdoor supports HTTPS command-and-control communications, DNS-over-HTTPS resolution, and multiple plugins for system manipulation. Based on tools, techniques, and procedures including specific RC4 decryption keys and rapid geopolitical weaponization, the activity is attributed with medium confidence to Mustang Panda.

Created: 2026-05-13

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 9.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

menuPass

Score: 13.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 13.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
MITREへのリンク →

APT33

Score: 6.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Fox Kitten

Score: 7.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
MITREへのリンク →

Volt Typhoon

Score: 31.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1488 - Disk Content Wipe
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT1

Score: 9.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Mustang Panda

Score: 31.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Play

Score: 10.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Chimera

Score: 13.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1592.003 - Firmware
  • T1665 - Hide Infrastructure
MITREへのリンク →

Sea Turtle

Score: 4.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT39

Score: 10.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1599 - Network Boundary Bridging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 19.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1055.009 - Proc Memory
MITREへのリンク →

APT5

Score: 5.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 5.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

GALLIUM

Score: 10.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT41

Score: 19.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

MuddyWater

Score: 23.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
MITREへのリンク →

APT28

Score: 15.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1139 - Bash History
  • T1547.011 - Plist Modification
  • T1592.003 - Firmware
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Turla

Score: 19.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BRONZE BUTLER

Score: 18.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

UNC3886

Score: 24.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Kimsuky

Score: 42.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT3

Score: 13.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
MITREへのリンク →

FIN8

Score: 6.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Ke3chang

Score: 17.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lotus Blossom

Score: 4.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 20.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Earth Lusca

Score: 15.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Magic Hound

Score: 25.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1592.003 - Firmware
MITREへのリンク →

Aquatic Panda

Score: 9.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1144 - Gatekeeper Bypass
  • T1597 - Search Closed Sources
MITREへのリンク →

INC Ransom

Score: 14.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1055.009 - Proc Memory
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 8.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

Scattered Spider

Score: 37.00
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

APT32

Score: 17.01
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Saint Bear

Score: 3.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 6.52
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Sidewinder

Score: 9.47
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1159 - Launch Agent
MITREへのリンク →

Winter Vivern

Score: 8.88
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Silence

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Contagious Interview

Score: 20.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

TA505

Score: 16.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN7

Score: 14.65
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1009 - Binary Padding
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Cobalt Group

Score: 16.32
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Higaisa

Score: 6.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 13.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 4.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1051 - Shared Webroot
MITREへのリンク →

Evilnum

Score: 4.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 10.63
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Daggerfly

Score: 5.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
MITREへのリンク →

APT29

Score: 30.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Dragonfly

Score: 15.80
Matched TTPs:
  • T1584.008 - Network Devices
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Threat Group-3390

Score: 16.01
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

Ember Bear

Score: 9.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Medusa Group

Score: 17.52
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Storm-0501

Score: 17.78
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1055.009 - Proc Memory
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Sandworm Team

Score: 31.45
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
MITREへのリンク →

Leviathan

Score: 17.84
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
MITREへのリンク →

Gamaredon Group

Score: 15.46
Matched TTPs:
  • T1527 - Application Access Token
  • T1090 - Proxy
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

TeamTNT

Score: 15.22
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

OilRig

Score: 13.34
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 5.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

LAPSUS$

Score: 13.65
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1592.003 - Firmware
MITREへのリンク →

HEXANE

Score: 11.17
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1159 - Launch Agent
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Lazarus Group

Score: 26.28
Matched TTPs:
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT38

Score: 12.75
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Velvet Ant

Score: 13.68
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BlackByte

Score: 12.08
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Moonstone Sleet

Score: 9.03
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

APT42

Score: 10.35
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1599 - Network Boundary Bridging
  • T1128 - Netsh Helper DLL
MITREへのリンク →

CURIUM

Score: 5.91
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Silent Librarian

Score: 9.57
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

SideCopy

Score: 4.22
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1159 - Launch Agent
MITREへのリンク →

Tropic Trooper

Score: 21.61
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1128 - Netsh Helper DLL
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

ZIRCONIUM

Score: 3.81
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 11.44
Matched TTPs:
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1160 - Launch Daemon
MITREへのリンク →

TA2541

Score: 4.54
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITREへのリンク →

RedEcho

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

Storm-1811

Score: 13.65
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

LuminousMoth

Score: 3.44
Matched TTPs:
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

APT18

Score: 3.84
Matched TTPs:
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1490 - Inhibit System Recovery
  • T1609 - Container Administration Command
  • T1565.002 - Transmitted Data Manipulation
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
  • T1027.004 - Compile After Delivery
  • T1213.006 - Databases
  • T1546.013 - PowerShell Profile
  • T1546.011 - Application Shimming
MITREへのリンク →

Scattered Spider

Score: 0.60
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1609 - Container Administration Command
  • T1565.002 - Transmitted Data Manipulation
  • T1666 - Modify Cloud Resource Hierarchy
  • T1547.005 - Security Support Provider
  • T1685.004 - Disable or Modify Linux Audit System Log
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る