Trusted Design

Four published versions of a fake "tanstack" package uploaded in 27 minutes that want to steal your .env files

Summary

An attacker registered the unscoped 'tanstack' name on npm and published four malicious versions (2.0.4-2.0.7) within 27 minutes on April 29, 2026. These packages contained postinstall hooks that automatically exfiltrated environment files containing sensitive credentials when developers ran npm install. The attacker exploited name confusion with the legitimate @tanstack organization, which publishes widely used JavaScript libraries. The malicious code targeted .env files, stealing AWS keys, API tokens, database credentials, and OAuth secrets by sending them to an attacker-controlled Svix webhook endpoint. Version 2.0.6 was particularly dangerous, sweeping all .env variants in the working directory. The version history reveals live debugging by the attacker, who iteratively refined the payload targeting and stealth capabilities while the package remained publicly available with approximately 19,830 monthly downloads.

Created: 2026-05-05
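As an added defender-side example that is not part of this pulse, of npm, or of the TanStack project, the following Node script runs the checks the incident suggests over constructed sample data: lifecycle scripts in dependency manifests (the postinstall vector), an unscoped name shadowing a scope the project relies on (tanstack vs @tanstack), a burst of versions published within a short window using the registry's `time` metadata, and whether `.npmrc` sets `ignore-scripts=true`. The postinstall script name, the scoped package's version, the `example-lib` package and the clock times are assumptions; only the four version numbers and the 27-minute span come from the pulse.

```javascript
// Added example, not code from the pulse, npm or TanStack. Four defender-side checks
// motivated by the incident, run over constructed sample data (see bottom of file).

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Scopes this project consumes; a bare package using the same word deserves a look.
const TRUSTED_SCOPES = new Set(['tanstack']);

// Inspect one package.json object and return its findings (empty when clean).
function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push({ kind: 'lifecycle-script', hook, command: scripts[hook] });
    }
  }
  if (!manifest.name.startsWith('@') && TRUSTED_SCOPES.has(manifest.name)) {
    findings.push({ kind: 'scope-shadowing', name: manifest.name, expected: `@${manifest.name}/*` });
  }
  return findings;
}

// Audit every manifest in a dependency tree; report keys are name@version.
function auditTree(manifests) {
  const report = {};
  for (const m of manifests) {
    const findings = auditManifest(m);
    if (findings.length > 0) report[`${m.name}@${m.version}`] = findings;
  }
  return report;
}

// Registry metadata exposes `time`: { created, modified, "<version>": "<ISO timestamp>" }.
// Group versions whose publish times fall within windowMinutes of the group's first version.
function publishBursts(timeMap, windowMinutes) {
  const windowMs = windowMinutes * 60 * 1000;
  const entries = Object.entries(timeMap)
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .map(([version, iso]) => ({ version, t: Date.parse(iso) }))
    .sort((a, b) => a.t - b.t);
  const bursts = [];
  let run = [];
  for (const e of entries) {
    if (run.length > 0 && e.t - run[0].t > windowMs) {
      if (run.length > 1) bursts.push(run.map((r) => r.version));
      run = [];
    }
    run.push(e);
  }
  if (run.length > 1) bursts.push(run.map((r) => r.version));
  return bursts;
}

// True when .npmrc text sets ignore-scripts=true (comments and blank lines are skipped).
function ignoreScriptsEnabled(npmrcText) {
  return npmrcText.split(/\r?\n/).some((line) => {
    const trimmed = line.trim();
    if (trimmed === '' || trimmed.startsWith('#') || trimmed.startsWith(';')) return false;
    const [key, value = ''] = trimmed.split('=').map((s) => s.trim());
    return key === 'ignore-scripts' && value === 'true';
  });
}

// ---- constructed sample input: script name, scoped version and example-lib are placeholders ----
const SAMPLE_TREE = [
  { name: '@tanstack/react-query', version: '0.0.0-placeholder', scripts: { build: 'tsc' } },
  { name: 'example-lib', version: '1.2.3' },
  { name: 'tanstack', version: '2.0.6', scripts: { postinstall: 'node setup.js' } },
];
// Four versions spanning 27 minutes as in the pulse; the clock times themselves are constructed.
const SAMPLE_TIME = {
  created: '2026-04-29T10:00:00.000Z',
  modified: '2026-04-29T10:27:00.000Z',
  '2.0.4': '2026-04-29T10:00:00.000Z',
  '2.0.5': '2026-04-29T10:09:00.000Z',
  '2.0.6': '2026-04-29T10:18:00.000Z',
  '2.0.7': '2026-04-29T10:27:00.000Z',
};
const SAMPLE_NPMRC = '# project config\nsave-exact=true\nignore-scripts=true\n';

console.log(JSON.stringify(auditTree(SAMPLE_TREE), null, 2));
console.log('publish bursts (30 min window):', JSON.stringify(publishBursts(SAMPLE_TIME, 30)));
console.log('ignore-scripts enabled:', ignoreScriptsEnabled(SAMPLE_NPMRC));
```

In a real project the manifests would come from walking node_modules and the `time` map from the registry's package document; the same functions apply unchanged.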

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

APT28

Score: 38.51
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1071.005 - Publish/Subscribe Protocols
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1567.004 - Exfiltration Over Webhook
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1055.008 - Ptrace System Calls

APT29

Score: 34.98
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1567.004 - Exfiltration Over Webhook
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File

Scattered Spider

Score: 44.04
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1022 - Data Encrypted

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy

Turla

Score: 16.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

APT32

Score: 26.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1567.004 - Exfiltration Over Webhook
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1556 - Modify Authentication Process

Saint Bear

Score: 12.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1064 - Scripting
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits

FIN6

Score: 8.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process

Sidewinder

Score: 6.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy

MuddyWater

Score: 26.57
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1117 - Regsvr32
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Earth Lusca

Score: 15.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1027.004 - Compile After Delivery

Winter Vivern

Score: 12.56
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1087.004 - Cloud Account

Silence

Score: 10.56
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 40.22
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1064 - Scripting
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1556 - Modify Authentication Process

LazyScripter

Score: 3.49
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups

TA505

Score: 17.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

FIN7

Score: 14.38
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information

Cobalt Group

Score: 13.39
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code

Higaisa

Score: 10.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

Kimsuky

Score: 59.41
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1567.004 - Exfiltration Over Webhook
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 13.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Leafminer

Score: 12.66
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1117 - Regsvr32
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot

Mustang Panda

Score: 36.22
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1567.004 - Exfiltration Over Webhook
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

Magic Hound

Score: 24.92
Matched TTPs:
  • T1099 - Timestomp
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information

HEXANE

Score: 10.95
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

Gamaredon Group

Score: 30.36
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1562.001 - Disable or Modify Tools
  • T1086 - PowerShell

TA2541

Score: 6.06
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources

Lotus Blossom

Score: 4.22
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances

FIN13

Score: 17.86
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft

HAFNIUM

Score: 9.82
Matched TTPs:
  • T1099 - Timestomp
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.008 - Ptrace System Calls

Volt Typhoon

Score: 28.09
Matched TTPs:
  • T1099 - Timestomp
  • T1071.005 - Publish/Subscribe Protocols
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure

FIN8

Score: 7.83
Matched TTPs:
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1556 - Modify Authentication Process

Daggerfly

Score: 6.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage

GALLIUM

Score: 10.25
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account

Dragonfly

Score: 18.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery

Ke3chang

Score: 20.19
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1087.004 - Cloud Account

Agrius

Score: 7.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources

APT41

Score: 21.07
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
  • T1030 - Data Transfer Size Limits

APT5

Score: 10.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1140 - Deobfuscate/Decode Files or Information
  • T1567.004 - Exfiltration Over Webhook

menuPass

Score: 13.64
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances

Threat Group-3390

Score: 14.62
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1574.009 - Path Interception by Unquoted Path

Wizard Spider

Score: 16.49
Matched TTPs:
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process

Ember Bear

Score: 14.22
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation

Storm-0501

Score: 14.53
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code

Darkhotel

Score: 7.84
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1064 - Scripting

Lazarus Group

Score: 40.18
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1567.004 - Exfiltration Over Webhook
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1086 - PowerShell
  • T1556 - Modify Authentication Process

ZIRCONIUM

Score: 13.26
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs

RedCurl

Score: 14.29
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery

Stealth Falcon

Score: 8.31
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account

Inception

Score: 5.27
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1027.014 - Polymorphic Code

APT33

Score: 13.81
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1117 - Regsvr32
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process

BRONZE BUTLER

Score: 9.18
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Sandworm Team

Score: 31.97
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash

Leviathan

Score: 18.26
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code

Rocke

Score: 20.78
Matched TTPs:
  • T1180 - Screensaver
  • T1140 - Deobfuscate/Decode Files or Information
  • T1567.004 - Exfiltration Over Webhook
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1022 - Data Encrypted

APT38

Score: 27.10
Matched TTPs:
  • T1180 - Screensaver
  • T1098.007 - Additional Local or Domain Groups
  • T1567.004 - Exfiltration Over Webhook
  • T1009 - Binary Padding
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation

TeamTNT

Score: 22.69
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1022 - Data Encrypted
  • T1665 - Hide Infrastructure

OilRig

Score: 22.52
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1117 - Regsvr32
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1048 - Exfiltration Over Alternative Protocol
  • T1556 - Modify Authentication Process

Aquatic Panda

Score: 4.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources

Chimera

Score: 16.08
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1567.004 - Exfiltration Over Webhook
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1574 - Hijack Execution Flow
  • T1665 - Hide Infrastructure

admin@338

Score: 3.99
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances

APT1

Score: 7.80
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage

Patchwork

Score: 6.68
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1665 - Hide Infrastructure

Medusa Group

Score: 15.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Sea Turtle

Score: 7.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1137.004 - Outlook Home Page

Fox Kitten

Score: 13.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1656 - Impersonation

Cinnamon Tempest

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.004 - Compile After Delivery

BlackByte

Score: 15.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 6.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1665 - Hide Infrastructure

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code

INC Ransom

Score: 9.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

UNC3886

Score: 18.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1567.004 - Exfiltration Over Webhook
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Moses Staff

Score: 5.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances

Axiom

Score: 4.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver

Play

Score: 8.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path

Salt Typhoon

Score: 10.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process

APT39

Score: 10.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Storm-1811

Score: 11.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits

APT42

Score: 8.31
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1030 - Data Transfer Size Limits

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command

Moonstone Sleet

Score: 11.05
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs

CURIUM

Score: 5.78
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account

LAPSUS$

Score: 17.38
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits

Velvet Ant

Score: 6.54
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

APT3

Score: 12.00
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account

APT19

Score: 6.56
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1027.014 - Polymorphic Code

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server

Tropic Trooper

Score: 11.72
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code

APT37

Score: 4.68
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection

LuminousMoth

Score: 5.41
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path

Confucius

Score: 4.81
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure

Dark Caracal

Score: 3.44
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1098.007 - Additional Local or Domain Groups
  • T1213.006 - Databases
  • T1546.008 - Accessibility Features
  • T1590.006 - Network Security Appliances
  • T1183 - Image File Execution Options Injection
  • T1197 - BITS Jobs
  • T1027.004 - Compile After Delivery
  • T1131 - Authentication Package
  • T1665 - Hide Infrastructure
  • T1546.011 - Application Shimming
  • T1051 - Shared Webroot
  • T1546.013 - PowerShell Profile
  • T1030 - Data Transfer Size Limits
  • T1009 - Binary Padding
  • T1140 - Deobfuscate/Decode Files or Information
  • T1609 - Container Administration Command
  • T1597 - Search Closed Sources
  • T1567.004 - Exfiltration Over Webhook
  • T1027.014 - Polymorphic Code
  • T1656 - Impersonation
  • T1003.007 - Proc Filesystem

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

