Trusted Design

Disclosing new PebbleDash-based tools

Summary

Kaspersky researchers conducted an in-depth analysis of Kimsuky APT activity, revealing tactical shifts and new malware variants based on the PebbleDash platform. The group introduced HelloDoor, a Rust-based backdoor, httpMalice leveraging HTTP and Dropbox communications, and updated MemLoad and httpTroy variants. Kimsuky maintains persistence through legitimate tools including VSCode Tunneling with GitHub authentication and DWAgent remote management software. Initial access occurs via spear-phishing with malicious attachments disguised as documents. The group primarily targets South Korean entities across government and defense sectors, with additional PebbleDash attacks observed in Brazil and Germany. Infrastructure relies on free South Korean hosting services and tunneling services like Cloudflare Quick Tunnels and Ngrok. Both PebbleDash and AppleSeed malware clusters demonstrate ongoing development with shared distribution methods, stolen certificates, and overlapping targets, indicating single-actor c...
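The summary names the living-off-the-land persistence and tunneling tools that make this activity hard to spot on the host: VSCode Tunneling, DWAgent, Cloudflare Quick Tunnels and Ngrok. The following is an added example by this editor, not code from the pulse or from Kaspersky's report: a small detector run over constructed process-creation records that flags these tools by image plus command line, and separately by the destination the process connects to, so a renamed binary still surfaces. The process names, command-line shapes and destination domains (tunnels.api.visualstudio.com, devtunnels.ms, trycloudflare.com, argotunnel.com, ngrok.com, dwservice.net, the dwagsvc.exe service name) are assumptions taken from the tools' public documentation, not indicators from the pulse; the ATT&CK mapping of cloudflared/ngrok to T1090 and DWAgent to T1219 is also the editor's, only the T1219.001 mapping for VS Code tunneling appears in the page's TTP list.

```python
"""Flag tunneling / remote-access tools of the kind the summary attributes to
Kimsuky in process-creation telemetry.  Added example, not code from the pulse
or from Kaspersky.  Image names, command-line forms and domains below are the
editor's assumptions from public tool documentation, not pulse indicators."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (constructed for this example)."""
    host: str
    user: str
    image: str          # full path of the started image
    cmdline: str
    parent: str
    dest_host: str = ""  # first outbound destination, if the sensor joins it


@dataclass(frozen=True)
class Rule:
    name: str
    ttp: str                       # ATT&CK ID (editor's mapping, see lead-in)
    image: re.Pattern
    cmdline: Optional[re.Pattern]  # None = any command line
    domains: tuple                 # destination suffixes that identify the service


RULES = (
    Rule("VS Code tunnel", "T1219.001",
         re.compile(r"(?:^|[\\/])code(?:-tunnel)?(?:\.exe)?$", re.I),
         re.compile(r"(?:^|\s)tunnel(?:\s|$)", re.I),
         ("tunnels.api.visualstudio.com", "devtunnels.ms")),
    Rule("cloudflared quick tunnel", "T1090",
         re.compile(r"(?:^|[\\/])cloudflared(?:\.exe)?$", re.I),
         re.compile(r"\btunnel\b.*\s--url(?:\s|=)", re.I),
         ("trycloudflare.com", "argotunnel.com")),
    Rule("ngrok agent", "T1090",
         re.compile(r"(?:^|[\\/])ngrok(?:\.exe)?$", re.I),
         None,
         ("ngrok.com", "ngrok.io", "ngrok-free.app")),
    Rule("DWAgent remote management", "T1219",
         re.compile(r"(?:^|[\\/])dwag(?:ent|svc)(?:\.exe)?$", re.I),
         None,
         ("dwservice.net",)),
)


def _under(host: str, suffix: str) -> bool:
    """True if host is the suffix domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)


def match_rule(ev: ProcEvent, rule: Rule) -> list:
    """Return the reasons this event matches the rule (empty list = no match)."""
    reasons = []
    if rule.image.search(ev.image) and (rule.cmdline is None or rule.cmdline.search(ev.cmdline)):
        reasons.append("image+cmdline")
    if ev.dest_host and any(_under(ev.dest_host, d) for d in rule.domains):
        # Destination match catches the tool even when the binary was renamed.
        reasons.append("dest:" + ev.dest_host)
    return reasons


def detect(events) -> list:
    """One finding per (event, rule) pair that matched, with its reasons."""
    findings = []
    for ev in events:
        for rule in RULES:
            reasons = match_rule(ev, rule)
            if reasons:
                findings.append({"host": ev.host, "user": ev.user, "rule": rule.name,
                                 "ttp": rule.ttp, "image": ev.image,
                                 "parent": ev.parent, "reasons": reasons})
    return findings


# Constructed telemetry, not from the report: one benign editor launch, then
# the tunnel / remote-access patterns the summary attributes to the actor.
SAMPLE_EVENTS = [
    ProcEvent("WS01", "alice", r"C:\Program Files\Microsoft VS Code\Code.exe",
              r'"C:\Program Files\Microsoft VS Code\Code.exe" --type=renderer',
              r"C:\Windows\explorer.exe", "update.code.visualstudio.com"),
    ProcEvent("WS01", "alice", r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\code.exe",
              "code.exe tunnel --accept-server-license-terms --name WS01",
              r"C:\Windows\System32\cmd.exe", "global.rel.tunnels.api.visualstudio.com"),
    ProcEvent("WS02", "bob", r"C:\Users\bob\AppData\Local\Temp\update.exe",
              "update.exe tunnel service install",          # renamed VS Code CLI
              r"C:\Windows\System32\cmd.exe", "euw.rel.tunnels.api.visualstudio.com"),
    ProcEvent("WS02", "bob", r"C:\ProgramData\cf\cloudflared.exe",
              "cloudflared.exe tunnel --url http://127.0.0.1:3389",
              r"C:\Windows\System32\cmd.exe", "region1.v2.argotunnel.com"),
    ProcEvent("WS03", "carol", r"C:\Users\carol\Downloads\ngrok.exe",
              "ngrok.exe tcp 3389", r"C:\Windows\explorer.exe", "tunnel.ngrok.com"),
    ProcEvent("WS03", "carol", r"C:\Program Files\DWAgent\native\dwagsvc.exe",
              "dwagsvc.exe", r"C:\Windows\System32\services.exe", "www.dwservice.net"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['host']} {f['user']:6} {f['ttp']:10} {f['rule']:28} {f['reasons']}")
```

The image-plus-command-line rule is the cheap first pass; the destination rule is what matters against this actor's tradecraft, because a tunnel client dropped under an innocuous name (the third sample event) produces no `code.exe` telemetry at all but must still reach the tunnel relay. Where the endpoint sensor does not join network destinations to process records, run the same suffix list against DNS or proxy logs and pivot back to the host.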

Created: 2026-05-14

Indicators

Similar pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

The score is the page's overlap metric over the matched TTPs: a higher value means more of the techniques tagged on this pulse also appear in that actor's ATT&CK profile, not that the actor is implicated in this activity. Several tagged IDs (for example T1099, T1117, T1177, T1183, T1065, T1159) are deprecated ATT&CK identifiers that were retired when those techniques were reorganized under other IDs, so a MITRE lookup on them lands on the deprecated entry.

HAFNIUM

Score: 8.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1219.001 - IDE Tunneling
  • T1490 - Inhibit System Recovery

menuPass

Score: 15.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Wizard Spider

Score: 22.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process

APT33

Score: 10.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1117 - Regsvr32
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process

Fox Kitten

Score: 13.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1656 - Impersonation
  • T1601.001 - Patch System Image

Volt Typhoon

Score: 33.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure

APT1

Score: 9.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call

Mustang Panda

Score: 38.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

Play

Score: 12.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery

Chimera

Score: 19.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1574 - Hijack Execution Flow
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

Sea Turtle

Score: 8.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1490 - Inhibit System Recovery

APT39

Score: 10.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1027.004 - Compile After Delivery

RedCurl

Score: 12.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1027.004 - Compile After Delivery

APT5

Score: 11.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Agrius

Score: 5.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources

GALLIUM

Score: 8.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call

APT41

Score: 28.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window

MuddyWater

Score: 21.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1117 - Regsvr32
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT28

Score: 17.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1200 - Hardware Additions

Turla

Score: 24.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery

BRONZE BUTLER

Score: 16.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations

UNC3886

Score: 24.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1546.011 - Application Shimming
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery

Kimsuky

Score: 58.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1609 - Container Administration Command
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1126 - Network Share Connection Removal
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery

APT3

Score: 10.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

FIN8

Score: 11.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process

Ke3chang

Score: 20.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Lotus Blossom

Score: 7.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

FIN13

Score: 19.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft

Earth Lusca

Score: 11.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1027.004 - Compile After Delivery

Magic Hound

Score: 32.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1021.008 - Direct Cloud VM Connections
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

Aquatic Panda

Score: 9.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image

INC Ransom

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 7.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure

APT32

Score: 21.22
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery

Saint Bear

Score: 3.77
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources

FIN6

Score: 10.48
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process

Sidewinder

Score: 11.17
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Winter Vivern

Score: 10.17
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware

Silence

Score: 12.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image

Contagious Interview

Score: 35.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1126 - Network Share Connection Removal
  • T1556 - Modify Authentication Process

LazyScripter

Score: 8.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1601.001 - Patch System Image

TA505

Score: 16.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

FIN7

Score: 21.22
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery

Cobalt Group

Score: 11.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.004 - Spearphishing Voice
  • T1601.001 - Patch System Image

Higaisa

Score: 6.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1588.001 - Malware
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 10.92
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Leafminer

Score: 13.30
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1117 - Regsvr32
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1601.001 - Patch System Image

Evilnum

Score: 4.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

HEXANE

Score: 19.45
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT29

Score: 29.30
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery

Gamaredon Group

Score: 26.04
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1200 - Hardware Additions

TA2541

Score: 6.06
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1597 - Search Closed Sources

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services

Dragonfly

Score: 15.03
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1219.001 - IDE Tunneling
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
  • T1200 - Hardware Additions

Threat Group-3390

Score: 17.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.001 - Determine Physical Locations

Ember Bear

Score: 17.11
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1003.003 - NTDS

Silent Librarian

Score: 14.24
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command

Lazarus Group

Score: 28.74
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process

LuminousMoth

Score: 7.89
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1219.001 - IDE Tunneling
  • T1574.009 - Path Interception by Unquoted Path

BlackTech

Score: 3.15
Matched TTPs:
  • T1596.001 - DNS/Passive DNS

OilRig

Score: 21.95
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1117 - Regsvr32
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process

Tropic Trooper

Score: 24.60
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery

APT18

Score: 7.89
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1591.001 - Determine Physical Locations

Scattered Spider

Score: 35.13
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation

Storm-0501

Score: 16.04
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1588.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories

Sandworm Team

Score: 25.04
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

Leviathan

Score: 15.91
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1488 - Disk Content Wipe

Rocke

Score: 10.38
Matched TTPs:
  • T1180 - Screensaver
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery

APT38

Score: 29.59
Matched TTPs:
  • T1180 - Screensaver
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation

TeamTNT

Score: 16.24
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1153 - Source
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call

admin@338

Score: 5.56
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Storm-1811

Score: 11.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation

APT42

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

ZIRCONIUM

Score: 9.39
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Moonstone Sleet

Score: 13.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal

BITTER

Score: 3.61
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware

CURIUM

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Medusa Group

Score: 13.72
Matched TTPs:
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

LAPSUS$

Score: 17.68
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Patchwork

Score: 6.00
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure

Inception

Score: 7.20
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Velvet Ant

Score: 9.90
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery

Dark Caracal

Score: 4.74
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol

Confucius

Score: 7.28
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

Windigo

Score: 4.05
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1159 - Launch Agent

APT-C-36

Score: 4.49
Matched TTPs:
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools

PROMETHIUM

Score: 4.76
Matched TTPs:
  • T1588.001 - Malware
  • T1490 - Inhibit System Recovery

BackdoorDiplomacy

Score: 3.83
Matched TTPs:
  • T1588.001 - Malware
  • T1055.004 - Asynchronous Procedure Call

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection

BlackByte

Score: 8.27
Matched TTPs:
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

DarkHydrus

Score: 7.28
Matched TTPs:
  • T1531 - Account Access Removal
  • T1200 - Hardware Additions

SideCopy

Score: 6.88
Matched TTPs:
  • T1584.002 - DNS Server
  • T1159 - Launch Agent

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process

Threat actors related to this pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1656 - Impersonation
  • T1003.007 - Proc Filesystem
  • T1665 - Hide Infrastructure
  • T1597 - Search Closed Sources
  • T1588.001 - Malware
  • T1601.001 - Patch System Image
  • T1197 - BITS Jobs
  • T1546.008 - Accessibility Features
  • T1565.002 - Transmitted Data Manipulation
  • T1560.001 - Archive via Utility
  • T1126 - Network Share Connection Removal
  • T1490 - Inhibit System Recovery
  • T1546.011 - Application Shimming
  • T1219.001 - IDE Tunneling
  • T1183 - Image File Execution Options Injection
  • T1027.004 - Compile After Delivery
  • T1098.007 - Additional Local or Domain Groups
  • T1003.003 - NTDS
  • T1609 - Container Administration Command
  • T1213.006 - Databases

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph

