Trusted Design

Q1 2026 Malware Statistics Report for Linux SSH Servers

概要

Analysis of attacks against Linux SSH servers during Q1 2026 reveals P2PInfect worm as the dominant threat, representing 70.3% of all attack sources. DDoS botnets including Mirai, XMRig, Prometei, and CoinMiner were identified as primary threats. A notable campaign involved installing V2Ray proxy tools on compromised systems, attributed to a suspected Chinese threat actor. Attackers employed SSH brute-force techniques to gain access, executed reconnaissance commands to assess system information, and deployed V2Ray for proxy node operations. The campaign targeted poorly secured SSH servers with weak credentials, emphasizing the need for strong password policies, access controls, and network monitoring to detect unusual outbound connections and proxy-related activities.

Created: 2026-04-14

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Contagious Interview

Score: 29.75
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Mustard Tempest

Score: 9.64
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Daggerfly

Score: 9.00
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

GALLIUM

Score: 14.50
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

APT29

Score: 42.03
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1027.006 - HTML Smuggling
  • T1651 - Cloud Administration Command
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN13

Score: 19.64
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1134.003 - Make and Impersonate Token
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Dragonfly

Score: 38.05
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1187 - Forced Authentication
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

Ke3chang

Score: 15.39
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

Agrius

Score: 12.64
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

APT41

Score: 31.54
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1071.002 - File Transfer Protocols
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1595.003 - Wordlist Scanning
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

APT5

Score: 12.86
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1021.004 - SSH
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.003 - Windows Command Shell
MITREへのリンク →

menuPass

Score: 14.97
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

Threat Group-3390

Score: 20.90
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1053.002 - At
MITREへのリンク →

Wizard Spider

Score: 17.96
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Ember Bear

Score: 21.01
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1588.005 - Exploits
MITREへのリンク →

Sea Turtle

Score: 26.09
Matched TTPs:
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Axiom

Score: 18.85
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
MITREへのリンク →

HEXANE

Score: 21.37
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1110 - Brute Force
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
MITREへのリンク →

RedCurl

Score: 12.27
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

APT1

Score: 8.00
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Chimera

Score: 13.21
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1556.001 - Domain Controller Authentication
  • T1018 - Remote System Discovery
MITREへのリンク →

Magic Hound

Score: 41.19
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Winter Vivern

Score: 14.98
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Kimsuky

Score: 42.18
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
MITREへのリンク →

Moonstone Sleet

Score: 20.96
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 14.68
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

Lazarus Group

Score: 27.80
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1591 - Gather Victim Org Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

OilRig

Score: 24.81
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

UNC3886

Score: 25.06
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
MITREへのリンク →

LuminousMoth

Score: 9.27
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1608.005 - Link Target
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 36.62
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 11.99
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1098.004 - SSH Authorized Keys
MITREへのリンク →

Play

Score: 10.75
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

Moses Staff

Score: 9.14
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
MITREへのリンク →

Turla

Score: 25.37
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1016 - System Network Configuration Discovery
  • T1102 - Web Service
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustang Panda

Score: 33.24
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1052.001 - Exfiltration over USB
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

TeamTNT

Score: 27.21
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1098.004 - SSH Authorized Keys
  • T1016 - System Network Configuration Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
MITREへのリンク →

FIN7

Score: 25.66
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN6

Score: 25.05
Matched TTPs:
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Sidewinder

Score: 14.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Scattered Spider

Score: 38.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1021.004 - SSH
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
MITREへのリンク →

Silent Librarian

Score: 10.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
MITREへのリンク →

ZIRCONIUM

Score: 10.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

APT32

Score: 30.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1550.003 - Pass the Ticket
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1068 - Exploitation for Privilege Escalation
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 30.70
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1137.002 - Office Test
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 14.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 16.94
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 8.59
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 16.15
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackTech

Score: 5.07
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1204.001 - Malicious Link
MITREへのリンク →

Aquatic Panda

Score: 4.99
Matched TTPs:
  • T1021.004 - SSH
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Fox Kitten

Score: 17.72
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1102 - Web Service
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

Storm-1811

Score: 10.98
Matched TTPs:
  • T1021.004 - SSH
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Rocke

Score: 18.97
Matched TTPs:
  • T1021.004 - SSH
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
MITREへのリンク →

APT39

Score: 12.32
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

HAFNIUM

Score: 18.33
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

INC Ransom

Score: 11.43
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Velvet Ant

Score: 7.58
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Volt Typhoon

Score: 33.84
Matched TTPs:
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
MITREへのリンク →

TA2541

Score: 7.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

Earth Lusca

Score: 19.39
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1098.004 - SSH Authorized Keys
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

LazyScripter

Score: 9.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

Gamaredon Group

Score: 24.30
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1095 - Non-Application Layer Protocol
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 12.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
MITREへのリンク →

TA505

Score: 10.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackByte

Score: 25.83
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

BITTER

Score: 10.36
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

Saint Bear

Score: 6.08
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 14.51
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 16.96
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
MITREへのリンク →

BackdoorDiplomacy

Score: 5.90
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1095 - Non-Application Layer Protocol
MITREへのリンク →

Medusa Group

Score: 21.93
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
MITREへのリンク →

Storm-0501

Score: 13.39
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
MITREへのリンク →

Cinnamon Tempest

Score: 3.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

ToddyCat

Score: 11.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Blue Mockingbird

Score: 6.27
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

MuddyWater

Score: 17.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Akira

Score: 11.64
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

LAPSUS$

Score: 19.00
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts
MITREへのリンク →

APT38

Score: 25.01
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

APT3

Score: 13.33
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 6.93
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1204.001 - Malicious Link
MITREへのリンク →

Stealth Falcon

Score: 3.52
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
MITREへのリンク →

Leafminer

Score: 5.36
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
MITREへのリンク →

APT37

Score: 4.77
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

Molerats

Score: 3.41
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1204.001 - Malicious Link
MITREへのリンク →

Ajax Security Team

Score: 4.58
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Inception

Score: 9.66
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1518 - Software Discovery
MITREへのリンク →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
MITREへのリンク →

Tropic Trooper

Score: 14.69
Matched TTPs:
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
MITREへのリンク →

Tonto Team

Score: 3.86
Matched TTPs:
  • T1505.003 - Web Shell
  • T1068 - Exploitation for Privilege Escalation
MITREへのリンク →

Lotus Blossom

Score: 6.86
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
MITREへのリンク →

APT19

Score: 3.24
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

Naikon

Score: 3.01
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1018 - Remote System Discovery
MITREへのリンク →

Darkhotel

Score: 4.19
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

BRONZE BUTLER

Score: 16.49
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1053.002 - At
MITREへのリンク →

FIN8

Score: 12.24
Matched TTPs:
  • T1102 - Web Service
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Confucius

Score: 3.70
Matched TTPs:
  • T1218.005 - Mshta
  • T1204.001 - Malicious Link
MITREへのリンク →

TA551

Score: 3.30
Matched TTPs:
  • T1218.005 - Mshta
  • T1059.003 - Windows Command Shell
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

FIN5

Score: 5.49
Matched TTPs:
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

APT18

Score: 6.22
Matched TTPs:
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1053.002 - At
MITREへのリンク →

Silence

Score: 3.92
Matched TTPs:
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
MITREへのリンク →

PLATINUM

Score: 6.53
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1095 - Non-Application Layer Protocol
  • T1189 - Drive-by Compromise
MITREへのリンク →

Cobalt Group

Score: 4.41
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1187 - Forced Authentication
MITREへのリンク →

Andariel

Score: 5.61
Matched TTPs:
  • T1592.002 - Software
  • T1189 - Drive-by Compromise
MITREへのリンク →

Metador

Score: 3.62
Matched TTPs:
  • T1095 - Non-Application Layer Protocol
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Dark Caracal

Score: 5.24
Matched TTPs:
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Machete

Score: 4.08
Matched TTPs:
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Evilnum

Score: 4.29
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
MITREへのリンク →

RTM

Score: 4.69
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
MITREへのリンク →

Transparent Tribe

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Windshift

Score: 8.39
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Elderwood

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Windigo

Score: 4.51
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1204.001 - Malicious Link
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1593.001 - Social Media
  • T1190 - Exploit Public-Facing Application
  • T1219.002 - Remote Desktop Software
  • T1555.003 - Credentials from Web Browsers
  • T1588.005 - Exploits
  • T1505.003 - Web Shell
  • T1587.001 - Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1059.003 - Windows Command Shell
  • T1218.005 - Mshta
  • T1598.003 - Spearphishing Link
MITREへのリンク →

APT29

Score: 0.70
Matched TTPs:
  • T1204.001 - Malicious Link
  • T1068 - Exploitation for Privilege Escalation
  • T1651 - Cloud Administration Command
  • T1566.003 - Spearphishing via Service
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1003.002 - Security Account Manager
  • T1505.003 - Web Shell
  • T1587.001 - Malware
  • T1649 - Steal or Forge Authentication Certificates
  • T1027.006 - HTML Smuggling
  • T1550.003 - Pass the Ticket
  • T1218.005 - Mshta
  • T1546.008 - Accessibility Features
MITREへのリンク →

Magic Hound

Score: 0.68
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1016 - System Network Configuration Discovery
  • T1204.001 - Malicious Link
  • T1114.001 - Local Email Collection
  • T1585.002 - Email Accounts
  • T1071 - Application Layer Protocol
  • T1562.001 - Disable or Modify Tools
  • T1592.002 - Software
  • T1566.003 - Spearphishing via Service
  • T1190 - Exploit Public-Facing Application
  • T1573 - Encrypted Channel
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1189 - Drive-by Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1059.003 - Windows Command Shell
  • T1598.003 - Spearphishing Link
  • T1018 - Remote System Discovery
MITREへのリンク →

Scattered Spider

Score: 0.63
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1016 - System Network Configuration Discovery
  • T1018 - Remote System Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1021.004 - SSH
  • T1219.002 - Remote Desktop Software
  • T1078 - Valid Accounts
  • T1589 - Gather Victim Identity Information
  • T1556.009 - Conditional Access Policies
  • T1538 - Cloud Service Dashboard
  • T1562.001 - Disable or Modify Tools
  • T1598.004 - Spearphishing Voice
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
MITREへのリンク →

Dragonfly

Score: 0.63
Matched TTPs:
  • T1187 - Forced Authentication
  • T1016 - System Network Configuration Discovery
  • T1591.002 - Business Relationships
  • T1071.002 - File Transfer Protocols
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1583.003 - Virtual Private Server
  • T1003.002 - Security Account Manager
  • T1598.002 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1189 - Drive-by Compromise
  • T1562.004 - Disable or Modify System Firewall
  • T1059.003 - Windows Command Shell
  • T1598.003 - Spearphishing Link
  • T1018 - Remote System Discovery
MITREへのリンク →

Sandworm Team

Score: 0.61
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
  • T1499 - Endpoint Denial of Service
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1592.002 - Software
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1213.006 - Databases
  • T1505.003 - Web Shell
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1018 - Remote System Discovery
MITREへのリンク →

Volt Typhoon

Score: 0.56
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1068 - Exploitation for Privilege Escalation
  • T1596.005 - Scan Databases
  • T1591 - Gather Victim Org Information
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1587.004 - Exploits
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
  • T1018 - Remote System Discovery
MITREへのリンク →

Mustang Panda

Score: 0.55
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1204.001 - Malicious Link
  • T1585.002 - Email Accounts
  • T1219.002 - Remote Desktop Software
  • T1102 - Web Service
  • T1095 - Non-Application Layer Protocol
  • T1505.003 - Web Shell
  • T1518 - Software Discovery
  • T1587.001 - Malware
  • T1059.003 - Windows Command Shell
  • T1052.001 - Exfiltration over USB
  • T1218.005 - Mshta
  • T1598.003 - Spearphishing Link
  • T1018 - Remote System Discovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る