Trusted Design

59 Victims, Zero Authentication: A ClickFix Campaign Force-Installs a Chrome Extension Banking Stealer and Leaves the Entire C2 Wide Open

概要

A Brazilian banking fraud operation leveraging ClickFix social engineering was discovered through a community tip, exposing a completely unauthenticated command-and-control infrastructure. The campaign deploys a malicious Chrome extension masquerading as a Banco Central do Brasil tool, force-installed via Chrome Cloud Management enrollment tokens. The extension achieves zero antivirus detections while targeting eight Brazilian financial institutions. At investigation time, 59 machines were compromised with seven active connections. The operator's C2 server exposed all endpoints without authentication, including admin panels, live victim screenshots, stolen credentials in cleartext, and intercepted Pix payment data. Attribution was established through WHOIS records revealing the operator's real name, CPF, and email address. The operation specifically targeted Northern Brazilian regional banks and credit cooperatives, with evidence of compromising a school fund account.

Created: 2026-05-14

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT32

Score: 28.37
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Turla

Score: 30.28
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Saint Bear

Score: 8.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 9.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
MITREへのリンク →

Sidewinder

Score: 6.71
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1090 - Proxy
MITREへのリンク →

MuddyWater

Score: 18.18
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Earth Lusca

Score: 19.33
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

TA577

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
MITREへのリンク →

Winter Vivern

Score: 12.40
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
MITREへのリンク →

Silence

Score: 10.56
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Contagious Interview

Score: 35.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1126 - Network Share Connection Removal
MITREへのリンク →

LazyScripter

Score: 6.95
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

TA505

Score: 16.54
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN7

Score: 20.97
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Cobalt Group

Score: 14.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
MITREへのリンク →

Higaisa

Score: 4.81
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1665 - Hide Infrastructure
MITREへのリンク →

Kimsuky

Score: 62.65
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1126 - Network Share Connection Removal
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Indrik Spider

Score: 8.63
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Molerats

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
MITREへのリンク →

Leafminer

Score: 9.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1027.016 - Junk Code Insertion
  • T1101 - Security Support Provider
MITREへのリンク →

Mustang Panda

Score: 35.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1136.001 - Local Account
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 6.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 9.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
MITREへのリンク →

Magic Hound

Score: 28.17
Matched TTPs:
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

HEXANE

Score: 11.67
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1027.016 - Junk Code Insertion
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT29

Score: 30.96
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Gamaredon Group

Score: 21.73
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

TA2541

Score: 9.52
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

Lotus Blossom

Score: 6.42
Matched TTPs:
  • T1099 - Timestomp
  • T1176.001 - Browser Extensions
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 16.66
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

HAFNIUM

Score: 17.92
Matched TTPs:
  • T1099 - Timestomp
  • T1027.016 - Junk Code Insertion
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Volt Typhoon

Score: 32.12
Matched TTPs:
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN8

Score: 6.53
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Mustard Tempest

Score: 5.98
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
MITREへのリンク →

GALLIUM

Score: 7.07
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Dragonfly

Score: 15.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 18.95
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 9.07
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1027.016 - Junk Code Insertion
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 15.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT5

Score: 4.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 12.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 7.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 11.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
MITREへのリンク →

Ember Bear

Score: 17.11
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.016 - Junk Code Insertion
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1003.003 - NTDS
MITREへのリンク →

RedCurl

Score: 13.98
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Sea Turtle

Score: 11.09
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT1

Score: 10.51
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Chimera

Score: 17.66
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1027.016 - Junk Code Insertion
  • T1055.004 - Asynchronous Procedure Call
  • T1574 - Hijack Execution Flow
  • T1665 - Hide Infrastructure
MITREへのリンク →

Scattered Spider

Score: 32.51
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Storm-0501

Score: 20.31
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Sandworm Team

Score: 32.12
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leviathan

Score: 11.23
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1554 - Compromise Host Software Binary
MITREへのリンク →

Tropic Trooper

Score: 16.59
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Medusa Group

Score: 12.95
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1009 - Binary Padding
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

DarkVishnya

Score: 8.87
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

Aquatic Panda

Score: 6.26
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
MITREへのリンク →

APT38

Score: 24.18
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

TeamTNT

Score: 18.53
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

BlackByte

Score: 12.55
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT19

Score: 4.28
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

PROMETHIUM

Score: 4.60
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1490 - Inhibit System Recovery
MITREへのリンク →

OilRig

Score: 21.82
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1592.002 - Software
MITREへのリンク →

Carbanak

Score: 4.28
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1009 - Binary Padding
MITREへのリンク →

APT3

Score: 11.15
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lazarus Group

Score: 32.18
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
MITREへのリンク →

Cinnamon Tempest

Score: 6.80
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1552.003 - Shell History
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Confucius

Score: 6.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
MITREへのリンク →

Machete

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT33

Score: 6.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.016 - Junk Code Insertion
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

ZIRCONIUM

Score: 10.76
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

Storm-1811

Score: 16.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Patchwork

Score: 4.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT42

Score: 6.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1599 - Network Boundary Bridging
MITREへのリンク →

APT39

Score: 12.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1599 - Network Boundary Bridging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

UNC3886

Score: 23.13
Matched TTPs:
  • T1689 - Downgrade Attack
  • T1556.002 - Password Filter DLL
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

BRONZE BUTLER

Score: 6.66
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Akira

Score: 11.20
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT28

Score: 19.88
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Silent Librarian

Score: 11.55
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027.016 - Junk Code Insertion
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Moonstone Sleet

Score: 11.14
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
MITREへのリンク →

LAPSUS$

Score: 10.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
MITREへのリンク →

Salt Typhoon

Score: 6.19
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

ToddyCat

Score: 6.91
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

Velvet Ant

Score: 10.94
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery
MITREへのリンク →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
MITREへのリンク →

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 6.91
Matched TTPs:
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Fox Kitten

Score: 9.07
Matched TTPs:
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1656 - Impersonation
MITREへのリンク →

APT37

Score: 4.68
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

INC Ransom

Score: 12.02
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Play

Score: 6.99
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

Dark Caracal

Score: 3.44
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

SideCopy

Score: 4.13
Matched TTPs:
  • T1584.002 - DNS Server
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1197 - BITS Jobs
  • T1665 - Hide Infrastructure
  • T1027.004 - Compile After Delivery
  • T1003.007 - Proc Filesystem
  • T1126 - Network Share Connection Removal
  • T1546.013 - PowerShell Profile
  • T1552.003 - Shell History
  • T1565.002 - Transmitted Data Manipulation
  • T1656 - Impersonation
  • T1546.008 - Accessibility Features
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1490 - Inhibit System Recovery
  • T1608.005 - Link Target
  • T1609 - Container Administration Command
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1003.003 - NTDS
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る