Pulse Detail-

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

概要

Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...

Created: 2026-05-12

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 37.97

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1685.004 - Disable or Modify Linux Audit System Log
T1070.002 - Clear Linux or Mac System Logs
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1609 - Container Administration Command
T1083 - File and Directory Discovery
T1552.003 - Shell History
T1556.008 - Network Provider DLL
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1564.003 - Hidden Window

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy

MITREへのリンク →

Turla

Score: 23.70

Matched TTPs:

T1546.013 - PowerShell Profile
T1063 - Security Software Discovery
T1003.007 - Proc Filesystem
T1131 - Authentication Package
T1608.005 - Link Target
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1027.004 - Compile After Delivery

MITREへのリンク →

APT32

Score: 25.55

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1131 - Authentication Package
T1592.004 - Client Configurations
T1588.001 - Malware
T1608.005 - Link Target
T1562.001 - Disable or Modify Tools
T1027.014 - Polymorphic Code
T1556 - Modify Authentication Process

MITREへのリンク →

Saint Bear

Score: 5.78

Matched TTPs:

T1546.013 - PowerShell Profile
T1608.005 - Link Target
T1597 - Search Closed Sources

MITREへのリンク →

FIN6

Score: 12.23

Matched TTPs:

T1546.013 - PowerShell Profile
T1063 - Security Software Discovery
T1588.001 - Malware
T1597 - Search Closed Sources
T1556 - Modify Authentication Process

MITREへのリンク →

Sidewinder

Score: 5.26

Matched TTPs:

T1546.013 - PowerShell Profile
T1090 - Proxy

MITREへのリンク →

MuddyWater

Score: 12.34

Matched TTPs:

T1546.013 - PowerShell Profile
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Earth Lusca

Score: 19.30

Matched TTPs:

T1546.013 - PowerShell Profile
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1110.003 - Password Spraying
T1608.005 - Link Target
T1218.001 - Compiled HTML File
T1027.004 - Compile After Delivery

MITREへのリンク →

Winter Vivern

Score: 13.96

Matched TTPs:

T1546.013 - PowerShell Profile
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1090 - Proxy
T1588.001 - Malware
T1218.001 - Compiled HTML File

MITREへのリンク →

Silence

Score: 10.56

Matched TTPs:

T1546.013 - PowerShell Profile
T1547.011 - Plist Modification
T1048 - Exfiltration Over Alternative Protocol
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Contagious Interview

Score: 38.32

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1131 - Authentication Package
T1021.006 - Windows Remote Management
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1608.005 - Link Target
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery
T1651 - Cloud Administration Command
T1126 - Network Share Connection Removal
T1556 - Modify Authentication Process

MITREへのリンク →

LazyScripter

Score: 5.50

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

TA505

Score: 15.09

Matched TTPs:

T1546.013 - PowerShell Profile
T1527 - Application Access Token
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN7

Score: 19.77

Matched TTPs:

T1546.013 - PowerShell Profile
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1588.001 - Malware
T1608.005 - Link Target
T1562.001 - Disable or Modify Tools
T1027 - Obfuscated Files or Information
T1065 - Uncommonly Used Port

MITREへのリンク →

Cobalt Group

Score: 9.26

Matched TTPs:

T1546.013 - PowerShell Profile
T1598.004 - Spearphishing Voice
T1027.014 - Polymorphic Code

MITREへのリンク →

Higaisa

Score: 6.90

Matched TTPs:

T1546.013 - PowerShell Profile
T1588.001 - Malware
T1665 - Hide Infrastructure

MITREへのリンク →

Kimsuky

Score: 47.41

Matched TTPs:

T1546.013 - PowerShell Profile
T1213.006 - Databases
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1546.011 - Application Shimming
T1009 - Binary Padding
T1131 - Authentication Package
T1183 - Image File Execution Options Injection
T1588.001 - Malware
T1609 - Container Administration Command
T1552.003 - Shell History
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027.014 - Polymorphic Code
T1027.004 - Compile After Delivery
T1126 - Network Share Connection Removal
T1665 - Hide Infrastructure

MITREへのリンク →

Indrik Spider

Score: 10.92

Matched TTPs:

T1546.013 - PowerShell Profile
T1003.007 - Proc Filesystem
T1183 - Image File Execution Options Injection
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Leafminer

Score: 6.51

Matched TTPs:

T1546.013 - PowerShell Profile
T1101 - Security Support Provider

MITREへのリンク →

Mustang Panda

Score: 31.72

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1546.011 - Application Shimming
T1183 - Image File Execution Options Injection
T1136.001 - Local Account
T1608.005 - Link Target
T1169 - Sudo
T1136.003 - Cloud Account
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

TA578

Score: 3.99

Matched TTPs:

T1546.013 - PowerShell Profile
T1608.005 - Link Target

MITREへのリンク →

Evilnum

Score: 5.41

Matched TTPs:

T1546.013 - PowerShell Profile
T1562.009 - Safe Mode Boot

MITREへのリンク →

Star Blizzard

Score: 12.15

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1609 - Container Administration Command

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1682 - Query Public AI Services

MITREへのリンク →

GALLIUM

Score: 6.81

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification

MITREへのリンク →

APT29

Score: 26.67

Matched TTPs:

T1584.008 - Network Devices
T1202 - Indirect Command Execution
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1592.004 - Client Configurations
T1608.005 - Link Target
T1556.008 - Network Provider DLL
T1027.004 - Compile After Delivery

MITREへのリンク →

FIN13

Score: 15.74

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1588.001 - Malware
T1552.003 - Shell History
T1134.001 - Token Impersonation/Theft

MITREへのリンク →

Dragonfly

Score: 16.92

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1097 - Pass the Ticket
T1531 - Account Access Removal
T1027.004 - Compile After Delivery

MITREへのリンク →

Ke3chang

Score: 14.41

Matched TTPs:

T1584.008 - Network Devices
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1198 - SIP and Trust Provider Hijacking
T1090 - Proxy

MITREへのリンク →

Agrius

Score: 8.38

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1097 - Pass the Ticket
T1597 - Search Closed Sources

MITREへのリンク →

APT41

Score: 29.57

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1588.001 - Malware
T1048 - Exfiltration Over Alternative Protocol
T1097 - Pass the Ticket
T1208 - Kerberoasting
T1027 - Obfuscated Files or Information
T1574.009 - Path Interception by Unquoted Path
T1564.003 - Hidden Window

MITREへのリンク →

APT5

Score: 4.06

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

menuPass

Score: 12.17

Matched TTPs:

T1584.008 - Network Devices
T1527 - Application Access Token
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification

MITREへのリンク →

Threat Group-3390

Score: 13.15

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1218.003 - CMSTP
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

Wizard Spider

Score: 15.14

Matched TTPs:

T1584.008 - Network Devices
T1183 - Image File Execution Options Injection
T1588.001 - Malware
T1083 - File and Directory Discovery
T1597 - Search Closed Sources
T1556 - Modify Authentication Process

MITREへのリンク →

Ember Bear

Score: 10.78

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Storm-0501

Score: 30.06

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1686.003 - Windows Host Firewall
T1070.002 - Clear Linux or Mac System Logs
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1552.003 - Shell History
T1097 - Pass the Ticket
T1027 - Obfuscated Files or Information
T1027.014 - Polymorphic Code
T1158 - Hidden Files and Directories

MITREへのリンク →

Sandworm Team

Score: 29.77

Matched TTPs:

T1063 - Security Software Discovery
T1484.002 - Trust Modification
T1686.003 - Windows Host Firewall
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1183 - Image File Execution Options Injection
T1562.001 - Disable or Modify Tools
T1027 - Obfuscated Files or Information
T1075 - Pass the Hash

MITREへのリンク →

Sea Turtle

Score: 6.61

Matched TTPs:

T1063 - Security Software Discovery
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

Leviathan

Score: 16.29

Matched TTPs:

T1484.002 - Trust Modification
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1554 - Compromise Host Software Binary
T1027.014 - Polymorphic Code

MITREへのリンク →

Gamaredon Group

Score: 22.43

Matched TTPs:

T1527 - Application Access Token
T1562.009 - Safe Mode Boot
T1098.007 - Additional Local or Domain Groups
T1090 - Proxy
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Volt Typhoon

Score: 32.55

Matched TTPs:

T1562.009 - Safe Mode Boot
T1686.003 - Windows Host Firewall
T1003.007 - Proc Filesystem
T1556.002 - Password Filter DLL
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1083 - File and Directory Discovery
T1584.002 - DNS Server
T1065 - Uncommonly Used Port
T1665 - Hide Infrastructure

MITREへのリンク →

Darkhotel

Score: 3.44

Matched TTPs:

T1562.009 - Safe Mode Boot

MITREへのリンク →

OilRig

Score: 18.53

Matched TTPs:

T1562.009 - Safe Mode Boot
T1003.007 - Proc Filesystem
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1048 - Exfiltration Over Alternative Protocol
T1097 - Pass the Ticket
T1556 - Modify Authentication Process

MITREへのリンク →

LAPSUS$

Score: 21.52

Matched TTPs:

T1070.002 - Clear Linux or Mac System Logs
T1547.005 - Security Support Provider
T1609 - Container Administration Command
T1556.008 - Network Provider DLL
T1065 - Uncommonly Used Port
T1564.003 - Hidden Window

MITREへのリンク →

BRONZE BUTLER

Score: 10.51

Matched TTPs:

T1003.007 - Proc Filesystem
T1592.004 - Client Configurations
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

TeamTNT

Score: 14.86

Matched TTPs:

T1003.007 - Proc Filesystem
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1110.003 - Password Spraying
T1597 - Search Closed Sources
T1665 - Hide Infrastructure

MITREへのリンク →

Aquatic Panda

Score: 6.42

Matched TTPs:

T1003.007 - Proc Filesystem
T1588.001 - Malware
T1597 - Search Closed Sources

MITREへのリンク →

Chimera

Score: 5.36

Matched TTPs:

T1003.007 - Proc Filesystem
T1665 - Hide Infrastructure

MITREへのリンク →

APT1

Score: 6.33

Matched TTPs:

T1003.007 - Proc Filesystem
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

UNC3886

Score: 22.15

Matched TTPs:

T1556.002 - Password Filter DLL
T1140 - Deobfuscate/Decode Files or Information
T1546.011 - Application Shimming
T1009 - Binary Padding
T1021.006 - Windows Remote Management
T1588.001 - Malware
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Rocke

Score: 10.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery

MITREへのリンク →

APT28

Score: 21.13

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1131 - Authentication Package
T1547.011 - Plist Modification
T1608.005 - Link Target
T1097 - Pass the Ticket
T1574.009 - Path Interception by Unquoted Path
T1055.008 - Ptrace System Calls

MITREへのリンク →

BackdoorDiplomacy

Score: 3.57

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware

MITREへのリンク →

Magic Hound

Score: 24.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1547.005 - Security Support Provider
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1588.001 - Malware
T1608.005 - Link Target
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1027 - Obfuscated Files or Information

MITREへのリンク →

Medusa Group

Score: 18.90

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1608.005 - Link Target
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Fox Kitten

Score: 9.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1588.001 - Malware
T1097 - Pass the Ticket

MITREへのリンク →

Cinnamon Tempest

Score: 6.33

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1027.004 - Compile After Delivery

MITREへのリンク →

BlackByte

Score: 12.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1134.001 - Token Impersonation/Theft
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

ToddyCat

Score: 6.64

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1665 - Hide Infrastructure

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code

MITREへのリンク →

INC Ransom

Score: 11.75

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1552.003 - Shell History
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Moses Staff

Score: 3.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding

MITREへのリンク →

Axiom

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver

MITREへのリンク →

Play

Score: 9.23

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1597 - Search Closed Sources
T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

HAFNIUM

Score: 7.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1055.008 - Ptrace System Calls

MITREへのリンク →

Salt Typhoon

Score: 10.40

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1110.003 - Password Spraying
T1556 - Modify Authentication Process

MITREへのリンク →

APT39

Score: 9.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1097 - Pass the Ticket
T1027.004 - Compile After Delivery

MITREへのリンク →

Akira

Score: 11.20

Matched TTPs:

T1137.005 - Outlook Rules
T1552.003 - Shell History
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Storm-1811

Score: 8.40

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact

MITREへのリンク →

HEXANE

Score: 12.88

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1097 - Pass the Ticket
T1065 - Uncommonly Used Port

MITREへのリンク →

APT42

Score: 3.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

IndigoZebra

Score: 3.53

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target

MITREへのリンク →

TA2541

Score: 5.33

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1597 - Search Closed Sources

MITREへのリンク →

ZIRCONIUM

Score: 7.97

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware
T1608.005 - Link Target
T1027.004 - Compile After Delivery

MITREへのリンク →

RedEcho

Score: 3.92

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Lazarus Group

Score: 31.44

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1547.011 - Plist Modification
T1588.001 - Malware
T1608.005 - Link Target
T1069.001 - Local Groups
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1556 - Modify Authentication Process

MITREへのリンク →

EXOTIC LILY

Score: 3.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

Silent Librarian

Score: 7.24

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1609 - Container Administration Command

MITREへのリンク →

APT38

Score: 27.57

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1503 - Credentials from Web Browsers
T1009 - Binary Padding
T1590 - Gather Victim Network Information
T1048 - Exfiltration Over Alternative Protocol
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1493 - Transmitted Data Manipulation

MITREへのリンク →

Moonstone Sleet

Score: 9.99

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1027 - Obfuscated Files or Information
T1126 - Network Share Connection Removal

MITREへのリンク →

BITTER

Score: 3.61

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1588.001 - Malware

MITREへのリンク →

CURIUM

Score: 7.43

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1218.001 - Compiled HTML File

MITREへのリンク →

RedCurl

Score: 9.25

Matched TTPs:

T1016.002 - Wi-Fi Discovery
T1090 - Proxy
T1027.004 - Compile After Delivery

MITREへのリンク →

Carbanak

Score: 4.44

Matched TTPs:

T1009 - Binary Padding
T1588.001 - Malware

MITREへのリンク →

Velvet Ant

Score: 6.54

Matched TTPs:

T1009 - Binary Padding
T1597 - Search Closed Sources
T1562.001 - Disable or Modify Tools

MITREへのリンク →

SilverTerrier

Score: 5.81

Matched TTPs:

T1131 - Authentication Package
T1552.003 - Shell History

MITREへのリンク →

FIN5

Score: 5.27

Matched TTPs:

T1547.011 - Plist Modification
T1097 - Pass the Ticket

MITREへのリンク →

Tonto Team

Score: 5.09

Matched TTPs:

T1547.011 - Plist Modification
T1027.004 - Compile After Delivery

MITREへのリンク →

APT3

Score: 6.03

Matched TTPs:

T1547.011 - Plist Modification
T1177 - LSASS Driver

MITREへのリンク →

Deep Panda

Score: 6.03

Matched TTPs:

T1177 - LSASS Driver
T1027.014 - Polymorphic Code

MITREへのリンク →

Tropic Trooper

Score: 10.25

Matched TTPs:

T1090 - Proxy
T1136.003 - Cloud Account
T1665 - Hide Infrastructure

MITREへのリンク →

APT-C-36

Score: 4.49

Matched TTPs:

T1588.001 - Malware
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Confucius

Score: 4.85

Matched TTPs:

T1608.005 - Link Target
T1665 - Hide Infrastructure

MITREへのリンク →

Dark Caracal

Score: 3.44

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol

MITREへのリンク →

DarkVishnya

Score: 4.92

Matched TTPs:

T1097 - Pass the Ticket
T1562.001 - Disable or Modify Tools

MITREへのリンク →

WIRTE

Score: 5.14

Matched TTPs:

T1562.001 - Disable or Modify Tools
T1027.014 - Polymorphic Code

MITREへのリンク →

APT33

Score: 5.14

Matched TTPs:

T1562.001 - Disable or Modify Tools
T1556 - Modify Authentication Process

MITREへのリンク →

APT37

Score: 6.47

Matched TTPs:

T1078 - Valid Accounts
T1027.004 - Compile After Delivery

MITREへのリンク →

Windshift

Score: 4.13

Matched TTPs:

T1078 - Valid Accounts

MITREへのリンク →

DarkHydrus

Score: 4.13

Matched TTPs:

T1531 - Account Access Removal

MITREへのリンク →

FIN8

Score: 5.09

Matched TTPs:

T1027 - Obfuscated Files or Information
T1556 - Modify Authentication Process

MITREへのリンク →

LuminousMoth

Score: 3.44

Matched TTPs:

T1574.009 - Path Interception by Unquoted Path

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1584.002 - DNS Server

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70

Matched TTPs:

T1665 - Hide Infrastructure
T1027.014 - Polymorphic Code
T1140 - Deobfuscate/Decode Files or Information
T1608.005 - Link Target
T1588.001 - Malware
T1609 - Container Administration Command
T1126 - Network Share Connection Removal
T1597 - Search Closed Sources
T1546.013 - PowerShell Profile
T1009 - Binary Padding
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1027.004 - Compile After Delivery
T1546.011 - Application Shimming
T1003.007 - Proc Filesystem
T1213.006 - Databases
T1131 - Authentication Package

MITREへのリンク →

Contagious Interview

Score: 0.57

Matched TTPs:

T1608.005 - Link Target
T1126 - Network Share Connection Removal
T1597 - Search Closed Sources
T1651 - Cloud Administration Command
T1021.006 - Windows Remote Management
T1546.013 - PowerShell Profile
T1027.004 - Compile After Delivery
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1552.003 - Shell History
T1562.001 - Disable or Modify Tools
T1131 - Authentication Package
T1547.005 - Security Support Provider
T1556 - Modify Authentication Process

MITREへのリンク →

Scattered Spider

Score: 0.56

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1609 - Container Administration Command
T1083 - File and Directory Discovery
T1597 - Search Closed Sources
T1098.007 - Additional Local or Domain Groups
T1027 - Obfuscated Files or Information
T1552.003 - Shell History
T1564.003 - Hidden Window
T1666 - Modify Cloud Resource Hierarchy
T1556.008 - Network Provider DLL
T1070.002 - Clear Linux or Mac System Logs
T1547.005 - Security Support Provider

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ