Trusted Design

108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure

概要

A coordinated campaign of 108 malicious Chrome extensions operated through shared command-and-control infrastructure at cloudapi[.]stream has been identified, collectively accounting for approximately 20,000 installations. The campaign spans multiple threat categories: 54 extensions steal Google account identities via OAuth2, one extension actively exfiltrates Telegram Web sessions every 15 seconds, and 45 extensions contain a universal backdoor enabling arbitrary URL execution on browser startup. Published under five distinct publisher identities (Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt), these extensions masquerade as legitimate tools including Telegram sidebar clients, slot games, YouTube and TikTok enhancers, and translation utilities. All extensions route stolen credentials, user identities, and browsing data to servers controlled by the same operator, with infrastructure confirming a Malware-as-a-Service business model.

Created: 2026-05-14

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 10.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

menuPass

Score: 14.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 18.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT33

Score: 6.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.005 - Publish/Subscribe Protocols
  • T1556 - Modify Authentication Process
MITREへのリンク →

Fox Kitten

Score: 10.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1588.001 - Malware
  • T1656 - Impersonation
MITREへのリンク →

Volt Typhoon

Score: 40.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1071.005 - Publish/Subscribe Protocols
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
MITREへのリンク →

APT1

Score: 12.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Mustang Panda

Score: 29.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

Play

Score: 3.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
MITREへのリンク →

Chimera

Score: 13.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1574 - Hijack Execution Flow
MITREへのリンク →

Sea Turtle

Score: 6.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

APT39

Score: 10.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.001 - Spearphishing Attachment
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 16.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1071.005 - Publish/Subscribe Protocols
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT5

Score: 10.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1578.003 - Delete Cloud Instance
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 7.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1597 - Search Closed Sources
MITREへのリンク →

GALLIUM

Score: 8.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT41

Score: 25.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1562.004 - Disable or Modify System Firewall
  • T1177 - LSASS Driver
  • T1578.003 - Delete Cloud Instance
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

MuddyWater

Score: 16.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT28

Score: 23.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Turla

Score: 26.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1546.016 - Installer Packages
MITREへのリンク →

BRONZE BUTLER

Score: 10.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.005 - Publish/Subscribe Protocols
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

UNC3886

Score: 18.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Kimsuky

Score: 55.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1588.001 - Malware
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
MITREへのリンク →

APT3

Score: 11.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN8

Score: 9.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ke3chang

Score: 18.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lotus Blossom

Score: 8.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1176.001 - Browser Extensions
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 17.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Earth Lusca

Score: 24.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1546.016 - Installer Packages
MITREへのリンク →

Magic Hound

Score: 32.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Aquatic Panda

Score: 12.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
MITREへのリンク →

INC Ransom

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 5.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Scattered Spider

Score: 34.23
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

APT32

Score: 24.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1484 - Domain or Tenant Policy Modification
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 8.82
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

FIN6

Score: 8.61
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 5.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
MITREへのリンク →

Winter Vivern

Score: 14.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1090 - Proxy
  • T1588.001 - Malware
MITREへのリンク →

Silence

Score: 4.72
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
MITREへのリンク →

Contagious Interview

Score: 37.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1126 - Network Share Connection Removal
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 5.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

TA505

Score: 15.09
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN7

Score: 14.22
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Cobalt Group

Score: 8.45
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1176.001 - Browser Extensions
  • T1598.004 - Spearphishing Voice
MITREへのリンク →

Higaisa

Score: 6.59
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1588.001 - Malware
MITREへのリンク →

Indrik Spider

Score: 13.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
MITREへのリンク →

Leafminer

Score: 6.51
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 5.41
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.009 - Safe Mode Boot
MITREへのリンク →

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

HEXANE

Score: 11.21
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT29

Score: 26.70
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Gamaredon Group

Score: 27.31
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1562.009 - Safe Mode Boot
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
MITREへのリンク →

TA2541

Score: 8.07
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

Daggerfly

Score: 5.43
Matched TTPs:
  • T1584.008 - Network Devices
  • T1546.016 - Installer Packages
MITREへのリンク →

Dragonfly

Score: 18.35
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
  • T1546.016 - Installer Packages
MITREへのリンク →

Threat Group-3390

Score: 11.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Ember Bear

Score: 14.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1003.003 - NTDS
MITREへのリンク →

Storm-0501

Score: 16.95
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1588.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Darkhotel

Score: 5.96
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1562.009 - Safe Mode Boot
MITREへのリンク →

Lazarus Group

Score: 35.24
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1176.001 - Browser Extensions
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

ZIRCONIUM

Score: 13.93
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

Sandworm Team

Score: 33.29
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
MITREへのリンク →

Leviathan

Score: 17.49
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1546.016 - Installer Packages
MITREへのリンク →

Tropic Trooper

Score: 11.09
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
MITREへのリンク →

Medusa Group

Score: 16.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

DarkVishnya

Score: 6.47
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1213.003 - Code Repositories
MITREへのリンク →

APT38

Score: 29.12
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

TeamTNT

Score: 18.29
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

BlackByte

Score: 12.55
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

PROMETHIUM

Score: 4.03
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
MITREへのリンク →

OilRig

Score: 20.08
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1566.001 - Spearphishing Attachment
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1556 - Modify Authentication Process
MITREへのリンク →

Carbanak

Score: 6.37
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1009 - Binary Padding
  • T1588.001 - Malware
MITREへのリンク →

Cinnamon Tempest

Score: 4.28
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Storm-1811

Score: 11.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

APT42

Score: 6.84
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Moonstone Sleet

Score: 13.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
MITREへのリンク →

BITTER

Score: 3.61
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
MITREへのリンク →

CURIUM

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

LAPSUS$

Score: 13.25
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 6.48
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Velvet Ant

Score: 5.87
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

BackdoorDiplomacy

Score: 3.83
Matched TTPs:
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

SideCopy

Score: 4.13
Matched TTPs:
  • T1584.002 - DNS Server
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.003 - NTDS
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1131 - Authentication Package
  • T1560.001 - Archive via Utility
  • T1546.008 - Accessibility Features
  • T1030 - Data Transfer Size Limits
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1098.007 - Additional Local or Domain Groups
  • T1656 - Impersonation
  • T1213.006 - Databases
  • T1609 - Container Administration Command
  • T1197 - BITS Jobs
  • T1027.004 - Compile After Delivery
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware
  • T1126 - Network Share Connection Removal
  • T1546.013 - PowerShell Profile
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る