Trusted Design

Malicious Campaign Deploying AdaptixC2 Beacon and VS Code via Trojanized SumatraPDF

Summary

On March 12, 2026, a sophisticated attack campaign was identified targeting Chinese-speaking individuals with military-themed document lures distributed through a malicious ZIP archive. The operation used a trojanized SumatraPDF binary as the initial vector to deploy an AdaptixC2 Beacon and Visual Studio Code on victim systems. The shellcode loader showed significant similarities to the TOSHIS loader previously linked to TAOTH campaigns. The attackers set up a custom AdaptixC2 Beacon listener that used GitHub as command-and-control infrastructure. The staging server additionally hosted a Cobalt Strike Beacon and the EntryShell backdoor, both previously associated with this threat group. The campaign infrastructure included multiple compromised domains and IP addresses used for malware distribution and C2 communications.

Created: 2026-05-23

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 6.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1608.005 - Link Target
Link to MITRE →

menuPass

Score: 14.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Wizard Spider

Score: 18.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
Link to MITRE →

APT33

Score: 6.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
Link to MITRE →

Fox Kitten

Score: 4.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
Link to MITRE →

Volt Typhoon

Score: 25.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
Link to MITRE →

APT1

Score: 12.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Mustang Panda

Score: 31.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 3.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
Link to MITRE →

Chimera

Score: 11.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
Link to MITRE →

Sea Turtle

Score: 10.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
Link to MITRE →

APT39

Score: 6.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
Link to MITRE →

RedCurl

Score: 14.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
Link to MITRE →

APT5

Score: 5.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Agrius

Score: 5.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
Link to MITRE →

GALLIUM

Score: 8.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

APT41

Score: 20.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1208 - Kerberoasting
  • T1573 - Encrypted Channel
  • T1564.003 - Hidden Window
Link to MITRE →

MuddyWater

Score: 14.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
Link to MITRE →

APT28

Score: 15.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
Link to MITRE →

Turla

Score: 30.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1556.009 - Conditional Access Policies
Link to MITRE →

BRONZE BUTLER

Score: 15.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.001 - Determine Physical Locations
Link to MITRE →

UNC3886

Score: 16.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
Link to MITRE →

Kimsuky

Score: 39.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1665 - Hide Infrastructure
Link to MITRE →

APT3

Score: 9.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

FIN8

Score: 7.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1556 - Modify Authentication Process
Link to MITRE →

Ke3chang

Score: 16.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Lotus Blossom

Score: 6.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

FIN13

Score: 15.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
Link to MITRE →

Earth Lusca

Score: 21.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
Link to MITRE →

Magic Hound

Score: 28.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Aquatic Panda

Score: 5.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
Link to MITRE →

INC Ransom

Score: 8.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
Link to MITRE →

Akira

Score: 7.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
Link to MITRE →

ToddyCat

Score: 8.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
Link to MITRE →

APT29

Score: 32.08
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
Link to MITRE →

Contagious Interview

Score: 31.96
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1556 - Modify Authentication Process
Link to MITRE →

Scattered Spider

Score: 29.26
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1564.003 - Hidden Window
Link to MITRE →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
Link to MITRE →

APT32

Score: 25.19
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1556 - Modify Authentication Process
Link to MITRE →

Saint Bear

Score: 5.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
Link to MITRE →

FIN6

Score: 10.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
Link to MITRE →

Sidewinder

Score: 5.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
Link to MITRE →

Winter Vivern

Score: 13.68
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
Link to MITRE →

Silence

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

LazyScripter

Score: 5.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
Link to MITRE →

TA505

Score: 12.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
Link to MITRE →

FIN7

Score: 13.17
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
Link to MITRE →

Cobalt Group

Score: 12.19
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
Link to MITRE →

Higaisa

Score: 4.81
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1665 - Hide Infrastructure
Link to MITRE →

Indrik Spider

Score: 8.58
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
Link to MITRE →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
Link to MITRE →

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
Link to MITRE →

HEXANE

Score: 11.21
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Gamaredon Group

Score: 21.73
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

TA2541

Score: 8.07
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
Link to MITRE →

Daggerfly

Score: 5.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
Link to MITRE →

Dragonfly

Score: 19.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1654 - Log Enumeration
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
Link to MITRE →

Threat Group-3390

Score: 16.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Ember Bear

Score: 6.79
Matched TTPs:
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Storm-0501

Score: 15.26
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027.014 - Polymorphic Code
  • T1158 - Hidden Files and Directories
Link to MITRE →

Sandworm Team

Score: 26.09
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
Link to MITRE →

Leviathan

Score: 14.82
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
Link to MITRE →

TeamTNT

Score: 16.59
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
Link to MITRE →

OilRig

Score: 14.48
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
Link to MITRE →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

admin@338

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Storm-1811

Score: 6.06
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1486 - Data Encrypted for Impact
Link to MITRE →

APT42

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
Link to MITRE →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
Link to MITRE →

ZIRCONIUM

Score: 5.87
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
Link to MITRE →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Lazarus Group

Score: 31.08
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
Link to MITRE →

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
Link to MITRE →

Silent Librarian

Score: 7.24
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
Link to MITRE →

APT38

Score: 16.47
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1493 - Transmitted Data Manipulation
Link to MITRE →

Moonstone Sleet

Score: 6.73
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1573 - Encrypted Channel
Link to MITRE →

CURIUM

Score: 7.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
Link to MITRE →

Medusa Group

Score: 12.57
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
Link to MITRE →

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window
Link to MITRE →

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
Link to MITRE →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
Link to MITRE →

Velvet Ant

Score: 8.27
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

BlackByte

Score: 8.27
Matched TTPs:
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
Link to MITRE →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
Link to MITRE →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
Link to MITRE →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
Link to MITRE →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
Link to MITRE →

Tropic Trooper

Score: 11.99
Matched TTPs:
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
Link to MITRE →

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection
Link to MITRE →

Confucius

Score: 4.85
Matched TTPs:
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
Link to MITRE →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
Link to MITRE →

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
Link to MITRE →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
Link to MITRE →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
Link to MITRE →

APT18

Score: 3.84
Matched TTPs:
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1213.006 - Databases
  • T1027.014 - Polymorphic Code
  • T1608.005 - Link Target
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1654 - Log Enumeration
  • T1665 - Hide Infrastructure
  • T1131 - Authentication Package
  • T1098.007 - Additional Local or Domain Groups
  • T1560.001 - Archive via Utility
  • T1609 - Container Administration Command
  • T1183 - Image File Execution Options Injection
  • T1027.004 - Compile After Delivery
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
Link to MITRE →

APT29

Score: 0.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1608.005 - Link Target
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1222.002 - Linux and Mac Permissions
  • T1027.004 - Compile After Delivery
  • T1556.008 - Network Provider DLL
  • T1177 - LSASS Driver
  • T1099 - Timestomp
Link to MITRE →

Contagious Interview

Score: 0.57
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1044 - File System Permissions Weakness
  • T1546.013 - PowerShell Profile
  • T1131 - Authentication Package
  • T1547.005 - Security Support Provider
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027.004 - Compile After Delivery
  • T1562.001 - Disable or Modify Tools
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
Link to MITRE →

Mustang Panda

Score: 0.55
Matched TTPs:
  • T1136.003 - Cloud Account
  • T1608.005 - Link Target
  • T1546.013 - PowerShell Profile
  • T1136.001 - Local Account
  • T1098.007 - Additional Local or Domain Groups
  • T1560.001 - Archive via Utility
  • T1055.005 - Thread Local Storage
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1169 - Sudo
  • T1556 - Modify Authentication Process
Link to MITRE →

Lazarus Group

Score: 0.55
Matched TTPs:
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
  • T1069.001 - Local Groups
  • T1547.011 - Plist Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1055.005 - Thread Local Storage
  • T1055.004 - Asynchronous Procedure Call
  • T1183 - Image File Execution Options Injection
  • T1562.001 - Disable or Modify Tools
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
  • T1009 - Binary Padding
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

