Trusted Design

A rigged game: compromises gaming platform in a supply-chain attack

概要

North Korea-aligned APT group ScarCruft executed a multiplatform supply-chain attack targeting ethnic Koreans in China's Yanbian region, an area significant for North Korean refugees and defectors. Since late 2024, the group compromised a video gaming platform dedicated to Yanbian-themed games, trojanizing both Windows and Android components with the BirdCall backdoor. The Windows client received malicious updates leading to RokRAT and subsequently BirdCall deployment, while Android games were directly trojanized. This marks the first discovery of Android BirdCall, capable of comprehensive surveillance including data collection, screenshots, and voice recording. The campaign focuses on espionage against individuals of interest to the North Korean regime, particularly refugees and defectors.

Created: 2026-05-05

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 11.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
MITREへのリンク →

menuPass

Score: 14.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 13.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

APT33

Score: 3.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Fox Kitten

Score: 12.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
MITREへのリンク →

Volt Typhoon

Score: 18.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT1

Score: 9.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Mustang Panda

Score: 28.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage
MITREへのリンク →

Play

Score: 7.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Chimera

Score: 10.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

Sea Turtle

Score: 9.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT39

Score: 15.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1599 - Network Boundary Bridging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 10.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT5

Score: 5.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 5.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

GALLIUM

Score: 8.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT41

Score: 22.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
MITREへのリンク →

MuddyWater

Score: 14.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

APT28

Score: 28.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1222.002 - Linux and Mac Permissions
  • T1040 - Network Sniffing
  • T1098.007 - Additional Local or Domain Groups
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Turla

Score: 36.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BRONZE BUTLER

Score: 12.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

UNC3886

Score: 16.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Kimsuky

Score: 46.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT3

Score: 9.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN8

Score: 8.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Ke3chang

Score: 21.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lotus Blossom

Score: 6.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 15.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Earth Lusca

Score: 19.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Magic Hound

Score: 27.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Aquatic Panda

Score: 7.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

INC Ransom

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 5.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT32

Score: 28.68
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT29

Score: 28.20
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Contagious Interview

Score: 37.04
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
  • T1651 - Cloud Administration Command
MITREへのリンク →

Scattered Spider

Score: 35.04
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

Saint Bear

Score: 6.11
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 11.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

Sidewinder

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
  • T1601.001 - Patch System Image
MITREへのリンク →

Winter Vivern

Score: 12.74
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Silence

Score: 8.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

LazyScripter

Score: 8.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 16.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 20.19
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Cobalt Group

Score: 11.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
MITREへのリンク →

Indrik Spider

Score: 10.92
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 8.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1601.001 - Patch System Image
MITREへのリンク →

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

HEXANE

Score: 13.08
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

Gamaredon Group

Score: 24.51
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1040 - Network Sniffing
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

TA2541

Score: 6.06
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources
MITREへのリンク →

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services
MITREへのリンク →

Dragonfly

Score: 15.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Threat Group-3390

Score: 5.84
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Ember Bear

Score: 12.97
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

OilRig

Score: 20.67
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1592.002 - Software
MITREへのリンク →

Tropic Trooper

Score: 14.56
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Storm-0501

Score: 11.01
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027 - Obfuscated Files or Information
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Sandworm Team

Score: 31.90
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Leviathan

Score: 12.07
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
MITREへのリンク →

TeamTNT

Score: 16.69
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT37

Score: 7.61
Matched TTPs:
  • T1040 - Network Sniffing
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

BackdoorDiplomacy

Score: 4.66
Matched TTPs:
  • T1040 - Network Sniffing
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Storm-1811

Score: 12.24
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

APT42

Score: 7.65
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1599 - Network Boundary Bridging
MITREへのリンク →

ZIRCONIUM

Score: 7.30
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Lazarus Group

Score: 23.49
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
MITREへのリンク →

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

APT38

Score: 18.81
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

Moonstone Sleet

Score: 9.58
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
MITREへのリンク →

CURIUM

Score: 7.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
MITREへのリンク →

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window
MITREへのリンク →

Salt Typhoon

Score: 6.19
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Medusa Group

Score: 10.63
Matched TTPs:
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Velvet Ant

Score: 10.94
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BlackByte

Score: 10.61
Matched TTPs:
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

APT19

Score: 4.20
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1601.001 - Patch System Image
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1656 - Impersonation
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1546.013 - PowerShell Profile
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1098.007 - Additional Local or Domain Groups
  • T1197 - BITS Jobs
  • T1213.006 - Databases
  • T1027.004 - Compile After Delivery
  • T1560.001 - Archive via Utility
  • T1546.011 - Application Shimming
  • T1490 - Inhibit System Recovery
  • T1609 - Container Administration Command
  • T1601.001 - Patch System Image
  • T1131 - Authentication Package
  • T1003.007 - Proc Filesystem
MITREへのリンク →

Contagious Interview

Score: 0.55
Matched TTPs:
  • T1656 - Impersonation
  • T1183 - Image File Execution Options Injection
  • T1547.005 - Security Support Provider
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1098.007 - Additional Local or Domain Groups
  • T1651 - Cloud Administration Command
  • T1044 - File System Permissions Weakness
  • T1021.006 - Windows Remote Management
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1562.001 - Disable or Modify Tools
  • T1131 - Authentication Package
MITREへのリンク →

Turla

Score: 0.55
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1063 - Security Software Discovery
  • T1099 - Timestomp
  • T1560.001 - Archive via Utility
  • T1490 - Inhibit System Recovery
  • T1040 - Network Sniffing
  • T1055.004 - Asynchronous Procedure Call
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1131 - Authentication Package
  • T1003.007 - Proc Filesystem
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る