Trusted Design

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor

概要

The Harvester APT group has developed a new Linux version of its GoGra backdoor that uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel. The malware employs social engineering lures with tailored decoy documents, masquerading malicious ELF files as standard documents. Initial VirusTotal submissions originated from India and Afghanistan, indicating these regions as primary targets. The backdoor uses hardcoded Azure AD credentials to poll a specific mailbox folder at two-second intervals, executing commands received via encrypted emails and exfiltrating results through reply messages. Analysis confirms this Linux variant shares nearly identical code with a previously known Windows version, including matching spelling errors, demonstrating Harvester's multi-platform development strategy and continued focus on South Asian espionage operations.

Created: 2026-05-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 6.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1608.005 - Link Target
MITREへのリンク →

menuPass

Score: 14.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 19.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1526 - Cloud Service Discovery
MITREへのリンク →

APT33

Score: 6.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Fox Kitten

Score: 12.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
MITREへのリンク →

Volt Typhoon

Score: 33.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1535 - Unused/Unsupported Cloud Regions
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1584.002 - DNS Server
MITREへのリンク →

APT1

Score: 18.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1053.002 - At
MITREへのリンク →

Mustang Panda

Score: 30.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Play

Score: 8.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
MITREへのリンク →

Chimera

Score: 13.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1007 - System Service Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

Sea Turtle

Score: 6.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

APT39

Score: 9.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 19.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT5

Score: 9.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 5.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

GALLIUM

Score: 8.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT41

Score: 39.04
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
MITREへのリンク →

MuddyWater

Score: 22.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

APT28

Score: 18.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Turla

Score: 26.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

Sowbug

Score: 3.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
MITREへのリンク →

BRONZE BUTLER

Score: 12.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

UNC3886

Score: 14.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Kimsuky

Score: 57.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1526 - Cloud Service Discovery
  • T1126 - Network Share Connection Removal
  • T1053.002 - At
MITREへのリンク →

APT3

Score: 15.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
MITREへのリンク →

FIN8

Score: 14.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1526 - Cloud Service Discovery
MITREへのリンク →

Ke3chang

Score: 16.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lotus Blossom

Score: 9.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1109 - Component Firmware
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 23.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Earth Lusca

Score: 13.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Magic Hound

Score: 33.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1053.002 - At
MITREへのリンク →

Aquatic Panda

Score: 7.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

INC Ransom

Score: 13.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 3.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT29

Score: 36.62
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT32

Score: 26.70
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

Saint Bear

Score: 5.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 8.38
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
MITREへのリンク →

Sidewinder

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
  • T1601.001 - Patch System Image
MITREへのリンク →

Winter Vivern

Score: 10.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
MITREへのリンク →

Silence

Score: 12.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Contagious Interview

Score: 36.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1126 - Network Share Connection Removal
MITREへのリンク →

LazyScripter

Score: 7.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 22.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 15.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Cobalt Group

Score: 20.93
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
MITREへのリンク →

Indrik Spider

Score: 17.07
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 6.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 7.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 15.18
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

LuminousMoth

Score: 6.47
Matched TTPs:
  • T1109 - Component Firmware
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Sandworm Team

Score: 33.55
Matched TTPs:
  • T1109 - Component Firmware
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Scattered Spider

Score: 42.68
Matched TTPs:
  • T1109 - Component Firmware
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1535 - Unused/Unsupported Cloud Regions
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

APT42

Score: 9.58
Matched TTPs:
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1128 - Netsh Helper DLL
MITREへのリンク →

HEXANE

Score: 13.08
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

Gamaredon Group

Score: 19.46
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

TA2541

Score: 10.82
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Mustard Tempest

Score: 7.82
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1053.002 - At
MITREへのリンク →

Daggerfly

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel
MITREへのリンク →

Dragonfly

Score: 15.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Threat Group-3390

Score: 19.50
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1526 - Cloud Service Discovery
MITREへのリンク →

Ember Bear

Score: 12.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

Storm-0501

Score: 27.59
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1535 - Unused/Unsupported Cloud Regions
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Leviathan

Score: 10.68
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Rocke

Score: 13.82
Matched TTPs:
  • T1180 - Screensaver
  • T1535 - Unused/Unsupported Cloud Regions
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT38

Score: 30.69
Matched TTPs:
  • T1180 - Screensaver
  • T1007 - System Service Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

TeamTNT

Score: 13.53
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1535 - Unused/Unsupported Cloud Regions
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 22.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1048 - Exfiltration Over Alternative Protocol
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Tonto Team

Score: 7.48
Matched TTPs:
  • T1007 - System Service Discovery
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

DarkVishnya

Score: 4.80
Matched TTPs:
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Medusa Group

Score: 19.58
Matched TTPs:
  • T1007 - System Service Discovery
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
MITREへのリンク →

BlackByte

Score: 10.67
Matched TTPs:
  • T1007 - System Service Discovery
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Tropic Trooper

Score: 14.30
Matched TTPs:
  • T1007 - System Service Discovery
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1128 - Netsh Helper DLL
MITREへのリンク →

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage
MITREへのリンク →

Patchwork

Score: 5.71
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1601.001 - Patch System Image
MITREへのリンク →

Storm-1811

Score: 11.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

Transparent Tribe

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At
MITREへのリンク →

ZIRCONIUM

Score: 5.87
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedEcho

Score: 6.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Lazarus Group

Score: 23.16
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
MITREへのリンク →

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Moonstone Sleet

Score: 12.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1126 - Network Share Connection Removal
MITREへのリンク →

CURIUM

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

Cinnamon Tempest

Score: 5.96
Matched TTPs:
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Velvet Ant

Score: 8.68
Matched TTPs:
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

Dark Caracal

Score: 3.44
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

TA551

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

APT19

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

SideCopy

Score: 7.42
Matched TTPs:
  • T1584.002 - DNS Server
  • T1053.002 - At
MITREへのリンク →

BlackTech

Score: 3.15
Matched TTPs:
  • T1526 - Cloud Service Discovery
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1656 - Impersonation
  • T1051 - Shared Webroot
  • T1109 - Component Firmware
  • T1608.005 - Link Target
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1546.008 - Accessibility Features
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1609 - Container Administration Command
  • T1126 - Network Share Connection Removal
  • T1213.006 - Databases
  • T1526 - Cloud Service Discovery
  • T1053.002 - At
  • T1131 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1597 - Search Closed Sources
  • T1183 - Image File Execution Options Injection
  • T1601.001 - Patch System Image
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る