Trusted Design

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

概要

The Gentlemen is a ransomware-as-a-service operation tracked as Storm-2697, distinguished by combining robust per-file encryption using Curve25519 with XChaCha20 stream cipher alongside aggressive self-propagation capabilities designed for broad network compromise. Emerging in mid-2025 and transitioning to RaaS by September 2025, the operation recently partnered with BreachForums to recruit affiliates including penetration testers and initial access brokers. Written in Go and obfuscated with Garble, the ransomware employs double extortion tactics, encrypting data while exfiltrating sensitive information. It utilizes 21 distinct lateral movement techniques per target host, including PsExec, WMI, scheduled tasks, services, and PowerShell remoting. The malware disables defenses, deletes shadow copies and forensic artifacts, and can optionally wipe free disk space to prevent recovery, impacting organizations globally across education, transportation, healthcare, and finance sectors.

Created: 2026-05-29

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 21.27
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

APT29

Score: 39.29
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Scattered Spider

Score: 41.87
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

Turla

Score: 31.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1561 - Disk Wipe
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT32

Score: 32.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Saint Bear

Score: 5.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 12.00
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
  • T1601.001 - Patch System Image
MITREへのリンク →

MuddyWater

Score: 16.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
MITREへのリンク →

Earth Lusca

Score: 15.95
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 6.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
MITREへのリンク →

Silence

Score: 8.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

Contagious Interview

Score: 31.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1565 - Data Manipulation
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 7.37
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
MITREへのリンク →

TA505

Score: 26.05
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1685.002 - Disable or Modify Cloud Log
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

FIN7

Score: 20.04
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Cobalt Group

Score: 14.05
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Higaisa

Score: 4.81
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1665 - Hide Infrastructure
MITREへのリンク →

Kimsuky

Score: 58.81
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1053.007 - Container Orchestration Job
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Indrik Spider

Score: 11.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Molerats

Score: 5.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1685.002 - Disable or Modify Cloud Log
MITREへのリンク →

Leafminer

Score: 10.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image
MITREへのリンク →

Mustang Panda

Score: 30.76
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1053.007 - Container Orchestration Job
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Star Blizzard

Score: 12.20
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1565 - Data Manipulation
MITREへのリンク →

Magic Hound

Score: 27.64
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

HEXANE

Score: 13.13
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1565 - Data Manipulation
  • T1601.001 - Patch System Image
MITREへのリンク →

Gamaredon Group

Score: 28.14
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
MITREへのリンク →

TA2541

Score: 8.07
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

Lotus Blossom

Score: 4.48
Matched TTPs:
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 22.47
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

HAFNIUM

Score: 15.18
Matched TTPs:
  • T1099 - Timestomp
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Volt Typhoon

Score: 27.43
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1003.007 - Proc Filesystem
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN8

Score: 9.70
Matched TTPs:
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services
MITREへのリンク →

APT41

Score: 16.17
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

APT3

Score: 13.57
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
MITREへのリンク →

Daggerfly

Score: 5.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
MITREへのリンク →

GALLIUM

Score: 7.07
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Dragonfly

Score: 15.85
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1654 - Log Enumeration
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 14.67
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 4.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

APT5

Score: 4.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

menuPass

Score: 12.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Threat Group-3390

Score: 8.77
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1573 - Encrypted Channel
MITREへのリンク →

Wizard Spider

Score: 12.62
Matched TTPs:
  • T1584.008 - Network Devices
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 9.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Storm-0501

Score: 11.74
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Sandworm Team

Score: 34.66
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
MITREへのリンク →

Sea Turtle

Score: 7.81
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Leviathan

Score: 14.87
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1554 - Compromise Host Software Binary
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
MITREへのリンク →

BRONZE BUTLER

Score: 10.51
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

TeamTNT

Score: 19.11
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

OilRig

Score: 13.39
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1556 - Modify Authentication Process
MITREへのリンク →

Aquatic Panda

Score: 6.18
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Chimera

Score: 8.95
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT1

Score: 5.78
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Rancor

Score: 3.29
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
MITREへのリンク →

ZIRCONIUM

Score: 12.60
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

Machete

Score: 5.63
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT38

Score: 31.17
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.005 - Visual Basic
MITREへのリンク →

Akira

Score: 11.20
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 8.40
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Lazarus Group

Score: 31.14
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1565 - Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
MITREへのリンク →

EXOTIC LILY

Score: 3.86
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1565 - Data Manipulation
MITREへのリンク →

Silent Librarian

Score: 4.96
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1609 - Container Administration Command
MITREへのリンク →

Moonstone Sleet

Score: 12.57
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
MITREへのリンク →

CURIUM

Score: 3.86
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1565 - Data Manipulation
MITREへのリンク →

UNC3886

Score: 14.46
Matched TTPs:
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 11.77
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
MITREへのリンク →

LAPSUS$

Score: 10.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
MITREへのリンク →

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

ToddyCat

Score: 6.91
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

Medusa Group

Score: 15.22
Matched TTPs:
  • T1009 - Binary Padding
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
MITREへのリンク →

Velvet Ant

Score: 10.94
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BlackByte

Score: 10.61
Matched TTPs:
  • T1009 - Binary Padding
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
MITREへのリンク →

APT39

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Axiom

Score: 6.91
Matched TTPs:
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Fox Kitten

Score: 10.01
Matched TTPs:
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1565 - Data Manipulation
  • T1601.001 - Patch System Image
MITREへのリンク →

Tropic Trooper

Score: 14.65
Matched TTPs:
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
MITREへのリンク →

INC Ransom

Score: 12.02
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT33

Score: 7.67
Matched TTPs:
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

Cinnamon Tempest

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Water Galura

Score: 7.20
Matched TTPs:
  • T1552.003 - Shell History
  • T1565 - Data Manipulation
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Play

Score: 8.85
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Confucius

Score: 4.85
Matched TTPs:
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

TA551

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

APT19

Score: 4.61
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.79
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

SideCopy

Score: 4.13
Matched TTPs:
  • T1584.002 - DNS Server
MITREへのリンク →

Patchwork

Score: 4.70
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1665 - Hide Infrastructure
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1131 - Authentication Package
  • T1552.003 - Shell History
  • T1009 - Binary Padding
  • T1197 - BITS Jobs
  • T1027.014 - Polymorphic Code
  • T1213.006 - Databases
  • T1601.001 - Patch System Image
  • T1608.005 - Link Target
  • T1490 - Inhibit System Recovery
  • T1027.004 - Compile After Delivery
  • T1053.007 - Container Orchestration Job
  • T1098.007 - Additional Local or Domain Groups
  • T1003.007 - Proc Filesystem
  • T1654 - Log Enumeration
  • T1546.013 - PowerShell Profile
  • T1565 - Data Manipulation
  • T1665 - Hide Infrastructure
  • T1609 - Container Administration Command
  • T1546.011 - Application Shimming
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る