Trusted Design

Cybercriminal VPN Dismantled in Crackdown

概要

A coordinated law enforcement operation led by France and the Netherlands has successfully taken down First VPN, a service extensively used by ransomware operators, fraudsters, and data thieves to conceal their criminal activities. The operation, which took place from May 19-20, resulted in the dismantling of 33 servers, seizure of three domains, and a house search of the administrator in Ukraine. The VPN service had been advertised on Russian-language cybercrime forums for years, accepting anonymous payments and providing infrastructure specifically designed for illicit use. Investigators gained access to the user database, generating 83 intelligence packages shared internationally, information on 506 users distributed globally, and advancing 21 investigations. The service had appeared in almost every major cybercrime investigation supported by Europol in recent years.

Created: 2026-05-22

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 35.19
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

FIN4

Score: 6.45
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Turla

Score: 25.65
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

APT32

Score: 29.27
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 6.66
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 9.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 10.91
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1601.001 - Patch System Image
MITREへのリンク →

MuddyWater

Score: 21.88
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1117 - Regsvr32
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

Earth Lusca

Score: 16.34
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

TA577

Score: 3.42
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
MITREへのリンク →

Winter Vivern

Score: 10.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
MITREへのリンク →

Silence

Score: 12.31
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Contagious Interview

Score: 35.65
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1126 - Network Share Connection Removal
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 9.69
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 19.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 19.70
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Cobalt Group

Score: 18.83
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Higaisa

Score: 4.32
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Kimsuky

Score: 63.69
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
  • T1126 - Network Share Connection Removal
MITREへのリンク →

Indrik Spider

Score: 8.40
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Molerats

Score: 4.29
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Leafminer

Score: 12.00
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1117 - Regsvr32
  • T1101 - Security Support Provider
  • T1601.001 - Patch System Image
MITREへのリンク →

Mustang Panda

Score: 35.64
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 6.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 10.09
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Magic Hound

Score: 30.86
Matched TTPs:
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

HEXANE

Score: 14.14
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1097 - Pass the Ticket
  • T1601.001 - Patch System Image
MITREへのリンク →

APT29

Score: 26.43
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Gamaredon Group

Score: 31.06
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1086 - PowerShell
MITREへのリンク →

TA2541

Score: 12.85
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

Lotus Blossom

Score: 5.95
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 17.94
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1668 - Exclusive Control
MITREへのリンク →

HAFNIUM

Score: 10.36
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Volt Typhoon

Score: 13.42
Matched TTPs:
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN8

Score: 12.02
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Mustard Tempest

Score: 5.98
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
MITREへのリンク →

Daggerfly

Score: 5.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
MITREへのリンク →

GALLIUM

Score: 11.29
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1668 - Exclusive Control
MITREへのリンク →

Dragonfly

Score: 20.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1654 - Log Enumeration
  • T1097 - Pass the Ticket
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 9.08
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 6.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 35.06
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1578.003 - Delete Cloud Instance
  • T1055.004 - Asynchronous Procedure Call
  • T1097 - Pass the Ticket
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1668 - Exclusive Control
MITREへのリンク →

APT5

Score: 10.92
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1578.003 - Delete Cloud Instance
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 14.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 14.56
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Wizard Spider

Score: 23.90
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 12.06
Matched TTPs:
  • T1584.008 - Network Devices
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1668 - Exclusive Control
MITREへのリンク →

RedCurl

Score: 14.85
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Sea Turtle

Score: 4.80
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

APT1

Score: 15.36
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1668 - Exclusive Control
MITREへのリンク →

Chimera

Score: 11.10
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
MITREへのリンク →

Storm-0501

Score: 21.04
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Sandworm Team

Score: 37.37
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Leviathan

Score: 17.14
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
MITREへのリンク →

LuminousMoth

Score: 4.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Confucius

Score: 4.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
MITREへのリンク →

Machete

Score: 4.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Transparent Tribe

Score: 3.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

APT3

Score: 10.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lazarus Group

Score: 36.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1086 - PowerShell
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT33

Score: 11.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1117 - Regsvr32
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

ZIRCONIUM

Score: 12.23
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

EXOTIC LILY

Score: 6.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

OilRig

Score: 22.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1117 - Regsvr32
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1097 - Pass the Ticket
  • T1556 - Modify Authentication Process
MITREへのリンク →

Storm-1811

Score: 16.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Patchwork

Score: 4.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
MITREへのリンク →

APT42

Score: 10.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1599 - Network Boundary Bridging
MITREへのリンク →

APT39

Score: 17.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1547.011 - Plist Modification
  • T1097 - Pass the Ticket
  • T1599 - Network Boundary Bridging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tropic Trooper

Score: 11.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
MITREへのリンク →

APT28

Score: 26.72
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1668 - Exclusive Control
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

admin@338

Score: 4.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

BRONZE BUTLER

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

WIRTE

Score: 6.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Inception

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
MITREへのリンク →

TA551

Score: 5.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

RTM

Score: 3.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

APT19

Score: 6.95
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
MITREへのリンク →

Moonstone Sleet

Score: 18.70
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
MITREへのリンク →

Tonto Team

Score: 5.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT37

Score: 5.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1027.004 - Compile After Delivery
MITREへのリンク →

CURIUM

Score: 4.68
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

IndigoZebra

Score: 4.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

APT38

Score: 33.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

PLATINUM

Score: 3.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
MITREへのリンク →

APT-C-36

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

UNC3886

Score: 18.99
Matched TTPs:
  • T1689 - Downgrade Attack
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Akira

Score: 11.20
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

TeamTNT

Score: 12.70
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

Velvet Ant

Score: 10.73
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

BlackByte

Score: 14.54
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

ToddyCat

Score: 4.08
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Medusa Group

Score: 16.63
Matched TTPs:
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
MITREへのリンク →

FIN5

Score: 5.27
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1097 - Pass the Ticket
MITREへのリンク →

Play

Score: 11.09
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
MITREへのリンク →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Fox Kitten

Score: 7.67
Matched TTPs:
  • T1177 - LSASS Driver
  • T1097 - Pass the Ticket
  • T1601.001 - Patch System Image
MITREへのリンク →

LAPSUS$

Score: 7.28
Matched TTPs:
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
MITREへのリンク →

INC Ransom

Score: 12.02
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Cinnamon Tempest

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

DarkVishnya

Score: 9.46
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

Aquatic Panda

Score: 6.41
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1213.006 - Databases
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1027.004 - Compile After Delivery
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1546.008 - Accessibility Features
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1609 - Container Administration Command
  • T1197 - BITS Jobs
  • T1668 - Exclusive Control
  • T1552.003 - Shell History
  • T1654 - Log Enumeration
  • T1126 - Network Share Connection Removal
  • T1009 - Binary Padding
  • T1546.011 - Application Shimming
  • T1684 - Social Engineering
  • T1565.002 - Transmitted Data Manipulation
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る