Trusted Design

From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

概要

Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.

Created: 2026-05-27

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT32

Score: 32.65
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Turla

Score: 26.98
Matched TTPs:
  • T1113 - Screen Capture
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1055.012 - Process Hollowing
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

APT28

Score: 29.65
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1585 - Establish Accounts
  • T1546.007 - Netsh Helper DLL
MITREへのリンク →

APT29

Score: 34.72
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1608.006 - SEO Poisoning
MITREへのリンク →

Scattered Spider

Score: 42.47
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1109 - Component Firmware
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

Saint Bear

Score: 5.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 11.13
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 8.59
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1601.001 - Patch System Image
MITREへのリンク →

MuddyWater

Score: 20.07
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

Earth Lusca

Score: 13.57
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 6.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
MITREへのリンク →

Silence

Score: 8.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Contagious Interview

Score: 34.17
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1016 - System Network Configuration Discovery
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 7.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 16.96
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 17.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Cobalt Group

Score: 25.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1052 - Exfiltration Over Physical Medium
MITREへのリンク →

Higaisa

Score: 7.58
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1052 - Exfiltration Over Physical Medium
MITREへのリンク →

Kimsuky

Score: 53.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 8.63
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 8.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1601.001 - Patch System Image
MITREへのリンク →

Mustang Panda

Score: 27.18
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 7.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 12.89
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
MITREへのリンク →

LuminousMoth

Score: 6.47
Matched TTPs:
  • T1109 - Component Firmware
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Sandworm Team

Score: 31.95
Matched TTPs:
  • T1109 - Component Firmware
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Lotus Blossom

Score: 6.24
Matched TTPs:
  • T1109 - Component Firmware
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT42

Score: 8.77
Matched TTPs:
  • T1109 - Component Firmware
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Daggerfly

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel
MITREへのリンク →

GALLIUM

Score: 8.54
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 12.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Dragonfly

Score: 21.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1654 - Log Enumeration
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 16.14
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 4.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 18.35
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
MITREへのリンク →

APT5

Score: 4.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 13.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 21.66
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

Wizard Spider

Score: 14.09
Matched TTPs:
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 10.92
Matched TTPs:
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1003.003 - NTDS
MITREへのリンク →

Storm-0501

Score: 24.38
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1055.009 - Proc Memory
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Leviathan

Score: 16.37
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
MITREへのリンク →

Gamaredon Group

Score: 25.39
Matched TTPs:
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Volt Typhoon

Score: 24.10
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
MITREへのリンク →

BRONZE BUTLER

Score: 14.35
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

TeamTNT

Score: 11.38
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 23.46
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.012 - Process Hollowing
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1556 - Modify Authentication Process
MITREへのリンク →

Aquatic Panda

Score: 6.18
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Chimera

Score: 11.44
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.012 - Process Hollowing
  • T1601.001 - Patch System Image
MITREへのリンク →

admin@338

Score: 5.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT1

Score: 7.25
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage
MITREへのリンク →

Patchwork

Score: 5.71
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1601.001 - Patch System Image
MITREへのリンク →

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 11.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

HEXANE

Score: 9.51
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

TA2541

Score: 8.07
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITREへのリンク →

ZIRCONIUM

Score: 14.91
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning
MITREへのリンク →

RedEcho

Score: 6.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Lazarus Group

Score: 27.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

EXOTIC LILY

Score: 5.36
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1690 - Prevent Command History Logging
MITREへのリンク →

Silent Librarian

Score: 4.96
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1609 - Container Administration Command
MITREへのリンク →

Sea Turtle

Score: 5.65
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1218 - System Binary Proxy Execution
MITREへのリンク →

Magic Hound

Score: 24.02
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

APT38

Score: 18.81
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

Moonstone Sleet

Score: 11.70
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
MITREへのリンク →

UNC3886

Score: 14.46
Matched TTPs:
  • T1218 - System Binary Proxy Execution
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 15.84
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1055.009 - Proc Memory
MITREへのリンク →

Medusa Group

Score: 18.70
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
MITREへのリンク →

LAPSUS$

Score: 14.06
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1564.003 - Hidden Window
MITREへのリンク →

Salt Typhoon

Score: 5.09
Matched TTPs:
  • T1009 - Binary Padding
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

ToddyCat

Score: 4.08
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Velvet Ant

Score: 11.02
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

BlackByte

Score: 12.08
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

APT39

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT3

Score: 5.95
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Play

Score: 8.57
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
MITREへのリンク →

APT19

Score: 6.08
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
MITREへのリンク →

Tropic Trooper

Score: 13.37
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1128 - Netsh Helper DLL
MITREへのリンク →

HAFNIUM

Score: 3.48
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
MITREへのリンク →

INC Ransom

Score: 13.34
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1055.009 - Proc Memory
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT33

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

FIN8

Score: 9.70
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

TA551

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT18

Score: 3.84
Matched TTPs:
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1009 - Binary Padding
  • T1690 - Prevent Command History Logging
  • T1608.005 - Link Target
  • T1609 - Container Administration Command
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
  • T1109 - Component Firmware
  • T1597 - Search Closed Sources
  • T1003.003 - NTDS
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1565.002 - Transmitted Data Manipulation
  • T1027.004 - Compile After Delivery
  • T1546.013 - PowerShell Profile
  • T1131 - Authentication Package
  • T1098.007 - Additional Local or Domain Groups
  • T1654 - Log Enumeration
MITREへのリンク →

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1083 - File and Directory Discovery
  • T1609 - Container Administration Command
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1666 - Modify Cloud Resource Hierarchy
  • T1590.006 - Network Security Appliances
  • T1109 - Component Firmware
  • T1547.005 - Security Support Provider
  • T1597 - Search Closed Sources
  • T1556.008 - Network Provider DLL
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る