Trusted Design

Beyond the breach: inside a cargo theft actor's post-compromise playbook

Summary

A cargo theft threat actor maintained access to a decoy environment for over a month, providing extensive visibility into post-compromise operations. The attacker established redundant persistence using multiple remote access tools, including four ScreenConnect instances, Pulseway RMM, and SimpleHelp RMM. A previously unknown signing-as-a-service capability was employed to evade detection by re-signing ScreenConnect installers with fraudulent code-signing certificates. Extensive reconnaissance targeted financial platforms, payment systems, cryptocurrency wallets, and transportation-specific services including fuel card providers, fleet payment platforms, and load board operators. The activity strongly aligns with financially motivated crimes against the transportation industry, including freight diversion and cargo theft operations.

Created: 2026-04-16

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Dragonfly

Score: 27.91
Matched TTPs:
  • T1113 - Screen Capture
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1018 - Remote System Discovery

BRONZE BUTLER

Score: 12.87
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1550.003 - Pass the Ticket
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery

Gamaredon Group

Score: 18.45
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1218.005 - Mshta
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools

OilRig

Score: 23.22
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service

APT28

Score: 33.90
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information
  • T1498 - Network Denial of Service
  • T1137.002 - Office Test

MoustachedBouncer

Score: 4.38
Matched TTPs:
  • T1113 - Screen Capture
  • T1068 - Exploitation for Privilege Escalation

GOLD SOUTHFIELD

Score: 6.69
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain

APT42

Score: 19.51
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1583.003 - Virtual Private Server
  • T1656 - Impersonation
  • T1111 - Multi-Factor Authentication Interception

Magic Hound

Score: 25.76
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service

MuddyWater

Score: 8.77
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools

Winter Vivern

Score: 10.78
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services

Silence

Score: 6.13
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

Volt Typhoon

Score: 24.54
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery
  • T1596.005 - Scan Databases

Group5

Score: 4.22
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging

APT39

Score: 9.53
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

Kimsuky

Score: 48.62
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1111 - Multi-Factor Authentication Interception
  • T1588.003 - Code Signing Certificates

Dark Caracal

Score: 4.81
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.003 - Spearphishing via Service

FIN7

Score: 30.24
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1591 - Gather Victim Org Information
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain

APT38

Score: 14.91
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities

Ajax Security Team

Score: 5.33
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1566.003 - Spearphishing via Service

Darkhotel

Score: 5.84
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media

menuPass

Score: 13.12
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery

APT5

Score: 9.84
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application

Tonto Team

Score: 4.91
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1068 - Exploitation for Privilege Escalation

Threat Group-3390

Score: 19.99
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1018 - Remote System Discovery
  • T1588.003 - Code Signing Certificates

Lazarus Group

Score: 25.75
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1591 - Gather Victim Org Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1566.003 - Spearphishing via Service

PLATINUM

Score: 4.91
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1068 - Exploitation for Privilege Escalation

FIN4

Score: 4.23
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1078 - Valid Accounts

Sandworm Team

Score: 35.18
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1586.001 - Social Media Accounts
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1591.002 - Business Relationships
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery

HEXANE

Score: 16.76
Matched TTPs:
  • T1056.001 - Keylogging
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1534 - Internal Spearphishing
  • T1018 - Remote System Discovery

APT32

Score: 20.35
Matched TTPs:
  • T1056.001 - Keylogging
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1550.003 - Pass the Ticket
  • T1218.005 - Mshta
  • T1068 - Exploitation for Privilege Escalation
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery

APT3

Score: 6.76
Matched TTPs:
  • T1056.001 - Keylogging
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery

FIN13

Score: 14.75
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token

Ke3chang

Score: 17.43
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

APT41

Score: 34.23
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1078 - Valid Accounts
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1018 - Remote System Discovery
  • T1596.005 - Scan Databases

Contagious Interview

Score: 24.85
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service

Mustard Tempest

Score: 6.51
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware

Daggerfly

Score: 8.81
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities

GALLIUM

Score: 10.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery

APT29

Score: 39.09
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1098.005 - Device Registration
  • T1218.005 - Mshta
  • T1621 - Multi-Factor Authentication Request Generation
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1027.006 - HTML Smuggling
  • T1566.003 - Spearphishing via Service

Agrius

Score: 7.40
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery

Wizard Spider

Score: 15.92
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1518.002 - Backup Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1588.003 - Code Signing Certificates

Ember Bear

Score: 14.06
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1018 - Remote System Discovery

Sea Turtle

Score: 17.42
Matched TTPs:
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1608.003 - Install Digital Certificate

Axiom

Score: 17.09
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1078 - Valid Accounts
  • T1001.002 - Steganography

Moonstone Sleet

Score: 24.44
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service

Indrik Spider

Score: 11.72
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery

UNC3886

Score: 11.22
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation

LuminousMoth

Score: 10.95
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1608.005 - Link Target

Salt Typhoon

Score: 5.91
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall

Play

Score: 10.85
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

Aoqin Dragon

Score: 5.13
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media

Moses Staff

Score: 5.91
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall

Turla

Score: 17.30
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery

Mustang Panda

Score: 30.68
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1218.005 - Mshta
  • T1052.001 - Exfiltration over USB
  • T1018 - Remote System Discovery
  • T1588.003 - Code Signing Certificates

TeamTNT

Score: 18.30
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks

Scattered Spider

Score: 45.57
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1598.004 - Spearphishing Voice
  • T1657 - Financial Theft
  • T1621 - Multi-Factor Authentication Request Generation
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard

Storm-0501

Score: 14.60
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies

FIN6

Score: 17.72
Matched TTPs:
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service

Leviathan

Score: 11.52
Matched TTPs:
  • T1586.001 - Social Media Accounts
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts

Sidewinder

Score: 9.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1078 - Valid Accounts

ZIRCONIUM

Score: 7.99
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1068 - Exploitation for Privilege Escalation
  • T1598 - Phishing for Information

Star Blizzard

Score: 10.35
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts

CURIUM

Score: 12.00
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1566.003 - Spearphishing via Service

Patchwork

Score: 3.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment

Cobalt Group

Score: 5.90
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain

Saint Bear

Score: 7.68
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation

Tropic Trooper

Score: 11.66
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel

admin@338

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery

Windshift

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1566.003 - Spearphishing via Service

BITTER

Score: 8.56
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel

Inception

Score: 3.22
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta

EXOTIC LILY

Score: 9.22
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1593.001 - Social Media
  • T1566.003 - Spearphishing via Service

APT33

Score: 4.39
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation

TA551

Score: 3.22
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta

Confucius

Score: 3.22
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta

BlackTech

Score: 5.50
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1588.003 - Code Signing Certificates

Gorgon Group

Score: 6.80
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055.002 - Portable Executable Injection
  • T1562.001 - Disable or Modify Tools

Malteiro

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1657 - Financial Theft

SideCopy

Score: 8.81
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment

FIN8

Score: 11.43
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1588.003 - Code Signing Certificates

LazyScripter

Score: 5.19
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta

TA2541

Score: 6.99
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools

TA505

Score: 6.99
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

APT1

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery

HAFNIUM

Score: 11.48
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1068 - Exploitation for Privilege Escalation
  • T1018 - Remote System Discovery

Aquatic Panda

Score: 4.32
Matched TTPs:
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools

Chimera

Score: 9.11
Matched TTPs:
  • T1007 - System Service Discovery
  • T1078 - Valid Accounts
  • T1111 - Multi-Factor Authentication Interception
  • T1018 - Remote System Discovery

Earth Lusca

Score: 13.47
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1584.006 - Web Services
  • T1018 - Remote System Discovery

Rocke

Score: 14.72
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1055.002 - Portable Executable Injection
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery

INC Ransom

Score: 12.99
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact

Velvet Ant

Score: 7.58
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools

BlackByte

Score: 21.64
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1583.003 - Virtual Private Server
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery

Medusa Group

Score: 17.98
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery

Fox Kitten

Score: 7.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

Cinnamon Tempest

Score: 5.42
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1078 - Valid Accounts

ToddyCat

Score: 7.88
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 9.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1134 - Access Token Manipulation
  • T1574.012 - COR_PROFILER

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning

Akira

Score: 14.17
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery

Carbanak

Score: 3.77
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1078 - Valid Accounts

LAPSUS$

Score: 24.52
Matched TTPs:
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1621 - Multi-Factor Authentication Request Generation
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1656 - Impersonation
  • T1111 - Multi-Factor Authentication Interception

Deep Panda

Score: 4.83
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact

Storm-1811

Score: 7.90
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service

Lotus Blossom

Score: 5.39
Matched TTPs:
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1591 - Gather Victim Org Information
  • T1113 - Screen Capture
  • T1598.003 - Spearphishing Link
  • T1598 - Phishing for Information
  • T1587.001 - Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1593.001 - Social Media
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1657 - Financial Theft
  • T1534 - Internal Spearphishing
  • T1656 - Impersonation
  • T1588.003 - Code Signing Certificates
  • T1007 - System Service Discovery
  • T1111 - Multi-Factor Authentication Interception
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment

Scattered Spider

Score: 0.66
Matched TTPs:
  • T1657 - Financial Theft
  • T1598 - Phishing for Information
  • T1070.008 - Clear Mailbox Data
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1556.009 - Conditional Access Policies
  • T1598.003 - Spearphishing Link
  • T1621 - Multi-Factor Authentication Request Generation
  • T1484.002 - Trust Modification
  • T1598.004 - Spearphishing Voice
  • T1562.001 - Disable or Modify Tools
  • T1538 - Cloud Service Dashboard
  • T1018 - Remote System Discovery
  • T1078 - Valid Accounts

APT29

Score: 0.56
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1027.006 - HTML Smuggling
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1587.001 - Malware
  • T1566.003 - Spearphishing via Service
  • T1550.003 - Pass the Ticket
  • T1078 - Valid Accounts
  • T1621 - Multi-Factor Authentication Request Generation
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1098.005 - Device Registration
  • T1546.008 - Accessibility Features

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph

