Trusted Design

DinDoor Backdoor: Deno Runtime Abuse and 20 Active C2 Servers

Summary

DinDoor is a Deno-based backdoor delivered via MSI files that abuses the Deno runtime to execute obfuscated JavaScript for command-and-control (C2) communication and system fingerprinting. Two analyzed samples show different execution behaviors: one writes its JavaScript to disk, while the other executes entirely in memory. Both samples use identical fingerprinting algorithms to generate unique victim identifiers. One sample contains an embedded JWT exposing campaign metadata and the domain serialmenot[.]com, identified as multi-tenant infrastructure serving multiple threat actors, including state-sponsored groups and cybercriminals. Analysis of HTTP response headers enabled identification of 20 active C2 servers across 15 autonomous systems, many hosted with bulletproof hosting providers. The malicious infrastructure uses a Caddy proxy with distinctive headers that allow network-based detection.

Created: 2026-05-23

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 11.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls

menuPass

Score: 17.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1209 - Time Providers

Wizard Spider

Score: 16.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption

APT33

Score: 9.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

Fox Kitten

Score: 11.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1209 - Time Providers

Volt Typhoon

Score: 34.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure

APT1

Score: 13.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Mustang Panda

Score: 36.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage

Play

Score: 8.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path

Chimera

Score: 13.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure

Sea Turtle

Score: 11.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1556.005 - Reversible Encryption

APT39

Score: 13.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

RedCurl

Score: 21.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

APT5

Score: 5.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call

Agrius

Score: 7.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
  • T1209 - Time Providers

GALLIUM

Score: 10.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

APT41

Score: 26.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

MuddyWater

Score: 26.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1547.012 - Print Processors
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

APT28

Score: 22.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1574.009 - Path Interception by Unquoted Path
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls

Turla

Score: 23.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

BRONZE BUTLER

Score: 14.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption
  • T1591.001 - Determine Physical Locations

UNC3886

Score: 24.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery

Kimsuky

Score: 45.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS

APT3

Score: 14.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot

FIN8

Score: 9.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

Ke3chang

Score: 18.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1556.005 - Reversible Encryption

Lotus Blossom

Score: 9.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1209 - Time Providers

FIN13

Score: 22.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Earth Lusca

Score: 12.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1027.004 - Compile After Delivery

Magic Hound

Score: 34.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Aquatic Panda

Score: 3.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources

INC Ransom

Score: 12.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 8.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure

APT29

Score: 36.06
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

Scattered Spider

Score: 38.52
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation

FIN4

Score: 6.77
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1556.005 - Reversible Encryption

APT32

Score: 30.43
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1484 - Domain or Tenant Policy Modification

Saint Bear

Score: 9.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1064 - Scripting
  • T1597 - Search Closed Sources

FIN6

Score: 11.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1209 - Time Providers

Sidewinder

Score: 9.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1556.005 - Reversible Encryption

TA577

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

Winter Vivern

Score: 13.59
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1556.005 - Reversible Encryption

Silence

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 29.43
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1064 - Scripting
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation

LazyScripter

Score: 4.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups

TA505

Score: 20.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

FIN7

Score: 17.29
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel

Cobalt Group

Score: 17.97
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1573 - Encrypted Channel
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Higaisa

Score: 7.46
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 10.92
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Molerats

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

Leafminer

Score: 10.80
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1209 - Time Providers

Evilnum

Score: 6.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

HEXANE

Score: 12.68
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

Gamaredon Group

Score: 24.75
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1547.012 - Print Processors
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

TA2541

Score: 7.51
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources

Mustard Tempest

Score: 5.98
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service

Daggerfly

Score: 10.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel
  • T1556.005 - Reversible Encryption

Dragonfly

Score: 19.66
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery

Threat Group-3390

Score: 20.48
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1591.001 - Determine Physical Locations

Ember Bear

Score: 15.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1209 - Time Providers
  • T1003.003 - NTDS

Storm-0501

Score: 17.78
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories

Sandworm Team

Score: 35.60
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption

Leviathan

Score: 17.36
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1488 - Disk Content Wipe

BlackTech

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1209 - Time Providers

LuminousMoth

Score: 6.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.009 - Path Interception by Unquoted Path
  • T1556.005 - Reversible Encryption

Confucius

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure

Machete

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.004 - Compile After Delivery

Lazarus Group

Score: 32.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure

ZIRCONIUM

Score: 6.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1027.004 - Compile After Delivery

EXOTIC LILY

Score: 5.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

OilRig

Score: 20.86
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1592.002 - Software
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Storm-1811

Score: 12.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation

Patchwork

Score: 8.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1530 - Data from Cloud Storage
  • T1665 - Hide Infrastructure

APT42

Score: 7.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1556.005 - Reversible Encryption

Medusa Group

Score: 17.03
Matched TTPs:
  • T1547.012 - Print Processors
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage

RedEcho

Score: 5.10
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

Silent Librarian

Score: 7.24
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

APT38

Score: 15.46
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

Moonstone Sleet

Score: 11.73
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1556.005 - Reversible Encryption

TeamTNT

Score: 17.17
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure

CURIUM

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window

Rocke

Score: 11.83
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

Velvet Ant

Score: 8.27
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

BlackByte

Score: 15.03
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

SilverTerrier

Score: 4.47
Matched TTPs:
  • T1131 - Authentication Package
  • T1556.005 - Reversible Encryption

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

admin@338

Score: 3.20
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call

APT19

Score: 5.00
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1556.005 - Reversible Encryption

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server

Stealth Falcon

Score: 5.00
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1556.005 - Reversible Encryption

Tropic Trooper

Score: 16.41
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure

Naikon

Score: 3.24
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1209 - Time Providers

Darkhotel

Score: 5.31
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1064 - Scripting

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

APT37

Score: 5.87
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

BackdoorDiplomacy

Score: 3.50
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1209 - Time Providers

WIRTE

Score: 3.59
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

DarkVishnya

Score: 8.70
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
  • T1209 - Time Providers

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

APT18

Score: 5.03
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1591.001 - Determine Physical Locations

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1609 - Container Administration Command
  • T1543.003 - Windows Service
  • T1027.004 - Compile After Delivery
  • T1009 - Binary Padding
  • T1565.002 - Transmitted Data Manipulation
  • T1051 - Shared Webroot
  • T1665 - Hide Infrastructure
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1213.006 - Databases
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1560.001 - Archive via Utility
  • T1131 - Authentication Package
  • T1003.003 - NTDS
  • T1546.011 - Application Shimming
  • T1556.005 - Reversible Encryption
  • T1183 - Image File Execution Options Injection

Scattered Spider

Score: 0.59
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1609 - Container Administration Command
  • T1547.005 - Security Support Provider
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1051 - Shared Webroot
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1083 - File and Directory Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources
  • T1590.006 - Network Security Appliances
  • T1666 - Modify Cloud Resource Hierarchy
  • T1556.008 - Network Provider DLL

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1136.003 - Cloud Account
  • T1209 - Time Providers
  • T1543.003 - Windows Service
  • T1055.013 - Process Doppelgänging
  • T1169 - Sudo
  • T1055.004 - Asynchronous Procedure Call
  • T1565.002 - Transmitted Data Manipulation
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.005 - Thread Local Storage
  • T1560.001 - Archive via Utility
  • T1546.011 - Application Shimming
  • T1556.005 - Reversible Encryption
  • T1183 - Image File Execution Options Injection

APT29

Score: 0.55
Matched TTPs:
  • T1202 - Indirect Command Execution
  • T1556.008 - Network Provider DLL
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1177 - LSASS Driver
  • T1099 - Timestomp
  • T1027.004 - Compile After Delivery
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1222.002 - Linux and Mac Permissions

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

