Trusted Design

Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware

Summary

A supply chain operation dubbed 'Mini Shai Hulud' compromised SAP-related npm packages by injecting malicious preinstall scripts that execute during installation. The campaign leverages multi-stage payloads to harvest developer and CI/CD secrets from GitHub, npm, and major cloud providers, exfiltrating data via attacker-controlled GitHub repositories. Malicious versions of legitimate SAP ecosystem packages execute obfuscated payloads that collect GitHub tokens, npm credentials, cloud secrets from AWS, Azure and GCP, Kubernetes tokens, and GitHub Actions secrets. The malware includes propagation logic to infect additional repositories and features browser credential theft capabilities. It performs language checks to avoid Russian-speaking systems. Attribution points to TeamPCP based on shared RSA public keys and overlapping techniques from previous operations.

Created: 2026-05-01

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Inception

Score: 8.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1159 - Launch Agent

APT28

Score: 23.07
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1197 - BITS Jobs
  • T1668 - Exclusive Control
  • T1055.008 - Ptrace System Calls

APT18

Score: 3.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking

Leviathan

Score: 8.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking

Sidewinder

Score: 12.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent

APT39

Score: 8.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Lazarus Group

Score: 24.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL

Saint Bear

Score: 5.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources

APT33

Score: 5.07
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking

BITTER

Score: 6.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1203 - Exploitation for Client Execution

TA505

Score: 9.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Higaisa

Score: 3.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.004 - Cloud Account

Fox Kitten

Score: 15.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 12.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

TA2541

Score: 10.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL

Malteiro

Score: 7.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1102.002 - Bidirectional Communication

Magic Hound

Score: 23.34
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Storm-1811

Score: 3.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1027 - Obfuscated Files or Information

Blue Mockingbird

Score: 9.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component

Tropic Trooper

Score: 12.95
Matched TTPs:
  • T1491.002 - External Defacement
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1128 - Netsh Helper DLL
  • T1159 - Launch Agent

Contagious Interview

Score: 32.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation

menuPass

Score: 13.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

Moses Staff

Score: 7.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding

TeamTNT

Score: 14.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources

Metador

Score: 4.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1203 - Exploitation for Client Execution

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 15.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1128 - Netsh Helper DLL

APT32

Score: 23.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

Moonstone Sleet

Score: 22.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs

Daggerfly

Score: 5.88
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL

GALLIUM

Score: 16.77
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

APT29

Score: 34.80
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1036.004 - Masquerade Task or Service
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager
  • T1608.006 - SEO Poisoning

FIN13

Score: 19.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control
  • T1686.001 - Cloud Firewall

Dragonfly

Score: 25.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1193 - Spearphishing Attachment
  • T1175 - Component Object Model and Distributed COM
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

Ke3chang

Score: 20.30
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1102.002 - Bidirectional Communication
  • T1134 - Access Token Manipulation

Agrius

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation

APT41

Score: 41.80
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading

APT5

Score: 9.64
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call

Wizard Spider

Score: 18.90
Matched TTPs:
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

Ember Bear

Score: 22.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS

Sea Turtle

Score: 16.51
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1059.013 - Container CLI/API

Axiom

Score: 17.09
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1160 - Launch Daemon

HEXANE

Score: 16.18
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

Kimsuky

Score: 45.30
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS

Indrik Spider

Score: 11.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

UNC3886

Score: 15.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 9.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account

Sandworm Team

Score: 35.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation

Salt Typhoon

Score: 10.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding

Play

Score: 8.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation

RedCurl

Score: 6.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.012 - Disable or Modify Linux Audit System
  • T1128 - Netsh Helper DLL

Turla

Score: 16.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1134 - Access Token Manipulation

Mustang Panda

Score: 25.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1136.003 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

FIN7

Score: 21.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Scattered Spider

Score: 38.10
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing

Storm-0501

Score: 24.37
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1090.004 - Domain Fronting
  • T1518.001 - Security Software Discovery
  • T1158 - Hidden Files and Directories

FIN6

Score: 19.70
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1128 - Netsh Helper DLL
  • T1203 - Exploitation for Client Execution
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation

Silent Librarian

Score: 10.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

ZIRCONIUM

Score: 14.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning

Star Blizzard

Score: 11.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking

CURIUM

Score: 12.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

Patchwork

Score: 4.51
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System

HAFNIUM

Score: 20.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1134 - Access Token Manipulation
  • T1055.008 - Ptrace System Calls

Rocke

Score: 14.21
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation

INC Ransom

Score: 12.21
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

Velvet Ant

Score: 12.06
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL

Earth Lusca

Score: 15.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1218.001 - Compiled HTML File
  • T1134 - Access Token Manipulation

LazyScripter

Score: 4.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid

Gamaredon Group

Score: 23.77
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1203 - Exploitation for Client Execution
  • T1059.013 - Container CLI/API

SideCopy

Score: 10.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent

BlackByte

Score: 25.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1175 - Component Object Model and Distributed COM
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1134 - Access Token Manipulation

EXOTIC LILY

Score: 8.10
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging

APT42

Score: 11.58
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1128 - Netsh Helper DLL

Volt Typhoon

Score: 20.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading

BackdoorDiplomacy

Score: 5.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution

Medusa Group

Score: 20.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

ToddyCat

Score: 9.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation

Winter Vivern

Score: 9.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

MuddyWater

Score: 17.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1159 - Launch Agent

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking

APT38

Score: 22.92
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation

APT3

Score: 13.25
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation

Stealth Falcon

Score: 4.03
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account

Leafminer

Score: 8.13
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1134 - Access Token Manipulation

LAPSUS$

Score: 20.16
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window

APT1

Score: 6.77
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1668 - Exclusive Control

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation

Windigo

Score: 5.09
Matched TTPs:
  • T1045 - Software Packing
  • T1159 - Launch Agent

POLONIUM

Score: 3.77
Matched TTPs:
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate

BRONZE BUTLER

Score: 9.93
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

Lotus Blossom

Score: 7.12
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation

Chimera

Score: 13.96
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control

Confucius

Score: 4.31
Matched TTPs:
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel

Aquatic Panda

Score: 4.54
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control

FIN8

Score: 8.05
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1134 - Access Token Manipulation

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1690 - Prevent Command History Logging
  • T1562.012 - Disable or Modify Linux Audit System
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1668 - Exclusive Control
  • T1183 - Image File Execution Options Injection
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1606.002 - SAML Tokens
  • T1003.003 - NTDS

APT41

Score: 0.65
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading
  • T1134 - Access Token Manipulation
  • T1055.004 - Asynchronous Procedure Call
  • T1002 - Data Compressed
  • T1584.008 - Network Devices
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1208 - Kerberoasting
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1564.003 - Hidden Window
  • T1027 - Obfuscated Files or Information
  • T1177 - LSASS Driver

Scattered Spider

Score: 0.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1134 - Access Token Manipulation
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1197 - BITS Jobs
  • T1157 - Dylib Hijacking
  • T1027.002 - Software Packing
  • T1019 - System Firmware
  • T1090.004 - Domain Fronting
  • T1597 - Search Closed Sources
  • T1045 - Software Packing
  • T1564.003 - Hidden Window
  • T1087.004 - Cloud Account
  • T1027 - Obfuscated Files or Information

Sandworm Team

Score: 0.55
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1134 - Access Token Manipulation
  • T1055.004 - Asynchronous Procedure Call
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1157 - Dylib Hijacking
  • T1140 - Deobfuscate/Decode Files or Information
  • T1063 - Security Software Discovery
  • T1045 - Software Packing
  • T1087.004 - Cloud Account
  • T1075 - Pass the Hash
  • T1027 - Obfuscated Files or Information
  • T1606.002 - SAML Tokens

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

