Trusted Design

Exposing Fox Tempest: A malware-signing service operation

Overview

Fox Tempest is a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) business used by cybercriminals to distribute malicious code, including ransomware. The actor abuses Microsoft Artifact Signing to generate fraudulent code-signing certificates, allowing malware to evade security controls. Fox Tempest created over a thousand certificates and established hundreds of Azure tenants to support operations. Microsoft revoked over one thousand certificates and disrupted the service in May 2026 through the Digital Crimes Unit. The operation enabled deployment of ransomware, including Rhysida, by threat actors like Vanilla Tempest, and distributed malware families including Oyster, Lumma Stealer, and Vidar. The MSaaS was available through signspace[.]cloud, charging between $5000 and $9000 USD. Attacks impacted healthcare, education, government, and financial services sectors globally.

Created: 2026-05-21

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 11.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls

menuPass

Score: 14.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification

Wizard Spider

Score: 19.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery

APT33

Score: 4.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1556.005 - Reversible Encryption

Fox Kitten

Score: 9.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1565 - Data Manipulation

Volt Typhoon

Score: 20.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1116 - Code Signing
  • T1553.002 - Code Signing
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1584.002 - DNS Server

APT1

Score: 6.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Mustang Panda

Score: 42.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1596.001 - DNS/Passive DNS
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage

Play

Score: 3.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources

Chimera

Score: 4.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1556.005 - Reversible Encryption

Sea Turtle

Score: 7.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1556.005 - Reversible Encryption

APT39

Score: 17.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

RedCurl

Score: 10.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1016.002 - Wi-Fi Discovery
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

APT5

Score: 6.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1116 - Code Signing

Agrius

Score: 7.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1597 - Search Closed Sources

GALLIUM

Score: 8.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1547.011 - Plist Modification

APT41

Score: 14.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1177 - LSASS Driver
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1556.005 - Reversible Encryption

MuddyWater

Score: 21.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

APT28

Score: 23.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
  • T1588.003 - Code Signing Certificates
  • T1055.008 - Ptrace System Calls

Turla

Score: 15.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

BRONZE BUTLER

Score: 6.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

UNC3886

Score: 17.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1116 - Code Signing
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

Kimsuky

Score: 47.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1116 - Code Signing
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery

APT3

Score: 10.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver

FIN8

Score: 12.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery

Ke3chang

Score: 7.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1055.013 - Process Doppelgänging
  • T1556.005 - Reversible Encryption

Lotus Blossom

Score: 6.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1116 - Code Signing

FIN13

Score: 20.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1553.002 - Code Signing
  • T1547.005 - Security Support Provider
  • T1134.001 - Token Impersonation/Theft
  • T1556.005 - Reversible Encryption

Earth Lusca

Score: 14.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery

Magic Hound

Score: 32.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1556.005 - Reversible Encryption

Aquatic Panda

Score: 3.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources

INC Ransom

Score: 9.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding

Scattered Spider

Score: 40.31
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation

FIN4

Score: 6.77
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1556.005 - Reversible Encryption

APT32

Score: 23.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
  • T1484 - Domain or Tenant Policy Modification

Saint Bear

Score: 8.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources

FIN6

Score: 6.11
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources

Sidewinder

Score: 6.51
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1556.005 - Reversible Encryption

TA577

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

Winter Vivern

Score: 7.02
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1556.005 - Reversible Encryption

Silence

Score: 4.72
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification

Contagious Interview

Score: 24.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation

LazyScripter

Score: 6.95
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

TA505

Score: 17.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

FIN7

Score: 13.97
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information

Cobalt Group

Score: 16.02
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption

Higaisa

Score: 3.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1556.005 - Reversible Encryption

Indrik Spider

Score: 10.30
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1116 - Code Signing
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Molerats

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target

Evilnum

Score: 6.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation

Star Blizzard

Score: 14.49
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
  • T1565 - Data Manipulation

HEXANE

Score: 11.82
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1565 - Data Manipulation

APT29

Score: 25.55
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

Gamaredon Group

Score: 17.24
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption

TA2541

Score: 9.52
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources

Daggerfly

Score: 3.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1556.005 - Reversible Encryption

Dragonfly

Score: 21.30
Matched TTPs:
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1654 - Log Enumeration
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery

Threat Group-3390

Score: 14.48
Matched TTPs:
  • T1584.008 - Network Devices
  • T1116 - Code Signing
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery

Ember Bear

Score: 4.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources

Silent Librarian

Score: 10.40
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

Lazarus Group

Score: 31.40
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1055.005 - Thread Local Storage

LuminousMoth

Score: 5.79
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1543.003 - Windows Service
  • T1556.005 - Reversible Encryption

BlackTech

Score: 7.75
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1543.003 - Windows Service
  • T1526 - Cloud Service Discovery

Storm-1811

Score: 14.67
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation

FIN5

Score: 6.99
Matched TTPs:
  • T1116 - Code Signing
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging

Patchwork

Score: 3.35
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service

TeamTNT

Score: 12.59
Matched TTPs:
  • T1116 - Code Signing
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption

Leviathan

Score: 20.50
Matched TTPs:
  • T1116 - Code Signing
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code

Storm-0501

Score: 12.15
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation

Sandworm Team

Score: 22.72
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1556.005 - Reversible Encryption

Confucius

Score: 4.65
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption

Machete

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.004 - Compile After Delivery

ZIRCONIUM

Score: 10.76
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs

EXOTIC LILY

Score: 7.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1565 - Data Manipulation

OilRig

Score: 20.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1592.002 - Software
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery

APT42

Score: 6.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1556.005 - Reversible Encryption

APT38

Score: 22.10
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption

Salt Typhoon

Score: 10.03
Matched TTPs:
  • T1553.002 - Code Signing
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

Moonstone Sleet

Score: 13.11
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption

CURIUM

Score: 6.14
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1565 - Data Manipulation

Medusa Group

Score: 18.44
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window

Rocke

Score: 7.67
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

Velvet Ant

Score: 4.14
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources

BlackByte

Score: 11.80
Matched TTPs:
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver

Stealth Falcon

Score: 3.53
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1556.005 - Reversible Encryption

APT19

Score: 6.27
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption

APT37

Score: 5.87
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
  • T1556.005 - Reversible Encryption

Tropic Trooper

Score: 5.32
Matched TTPs:
  • T1136.003 - Cloud Account
  • T1556.005 - Reversible Encryption

Water Galura

Score: 4.68
Matched TTPs:
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal

TA551

Score: 3.93
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption

Inception

Score: 3.93
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption

WIRTE

Score: 3.93
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption

Andariel

Score: 3.84
Matched TTPs:
  • T1187 - Forced Authentication

SideCopy

Score: 4.13
Matched TTPs:
  • T1584.002 - DNS Server

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1197 - BITS Jobs
  • T1546.013 - PowerShell Profile
  • T1560.001 - Archive via Utility
  • T1526 - Cloud Service Discovery
  • T1608.005 - Link Target
  • T1609 - Container Administration Command
  • T1556.005 - Reversible Encryption
  • T1116 - Code Signing
  • T1009 - Binary Padding
  • T1027.014 - Polymorphic Code
  • T1565 - Data Manipulation
  • T1027.004 - Compile After Delivery
  • T1654 - Log Enumeration
  • T1098.007 - Additional Local or Domain Groups
  • T1213.006 - Databases
  • T1565.002 - Transmitted Data Manipulation
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1136.003 - Cloud Account
  • T1560.001 - Archive via Utility
  • T1136.001 - Local Account
  • T1055.005 - Thread Local Storage
  • T1526 - Cloud Service Discovery
  • T1556.005 - Reversible Encryption
  • T1116 - Code Signing
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1183 - Image File Execution Options Injection
  • T1098.007 - Additional Local or Domain Groups
  • T1596.001 - DNS/Passive DNS
  • T1565.002 - Transmitted Data Manipulation

Scattered Spider

Score: 0.60
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1556.008 - Network Provider DLL
  • T1565 - Data Manipulation
  • T1564.003 - Hidden Window
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1597 - Search Closed Sources
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation

Related CVEs

No CVEs were found for this Pulse.
