Trusted Design

Kimsuky's Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant

Overview

Through April 2026, Kimsuky deployed sophisticated malicious campaigns against South Korean military and corporate entities using tailored social engineering tactics including fake security software installation pages and spoofed Webex meeting pages leveraging legitimate meeting schedules. The threat actor introduced a novel JSONPing technique allowing distribution pages to verify in real time whether victims executed the payload via JSONP queries to localhost servers. Analysis revealed a new HttpSpy variant with a three-stage execution chain replacing the previous single-binary architecture, utilizing RC4 encryption and shared infrastructure indicators. Attribution was confirmed through code pattern overlaps, reused encryption keys, XAMPP certificate fingerprints, and preferred ASN usage consistent with historical Kimsuky operations targeting South Korea.

Created: 2026-05-29

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

APT28

Score: 21.91
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1200 - Hardware Additions

APT29

Score: 32.06
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery

Turla

Score: 17.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1546.016 - Installer Packages

APT32

Score: 19.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1556 - Modify Authentication Process

Saint Bear

Score: 5.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources

FIN6

Score: 8.61
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process

Sidewinder

Score: 8.00
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1090 - Proxy
  • T1159 - Launch Agent

MuddyWater

Score: 23.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent

Earth Lusca

Score: 22.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1546.016 - Installer Packages

Winter Vivern

Score: 17.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File

Silence

Score: 4.72
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification

Contagious Interview

Score: 29.02
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1126 - Network Share Connection Removal
  • T1556 - Modify Authentication Process

LazyScripter

Score: 5.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

TA505

Score: 18.38
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

FIN7

Score: 11.41
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information

Cobalt Group

Score: 13.39
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code

Higaisa

Score: 6.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1588.001 - Malware
  • T1665 - Hide Infrastructure

Kimsuky

Score: 50.27
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1053.007 - Container Orchestration Job
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1609 - Container Administration Command
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1126 - Network Share Connection Removal
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 13.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages

Leafminer

Score: 6.51
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider

Mustang Panda

Score: 37.21
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1053.007 - Container Orchestration Job
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services

APT41

Score: 19.76
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1208 - Kerberoasting
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path

Scattered Spider

Score: 30.35
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs

Volt Typhoon

Score: 26.37
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure

APT3

Score: 6.03
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification

FIN13

Score: 16.50
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1588.001 - Malware
  • T1134.001 - Token Impersonation/Theft

Daggerfly

Score: 5.43
Matched TTPs:
  • T1584.008 - Network Devices
  • T1546.016 - Installer Packages

GALLIUM

Score: 6.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification

Dragonfly

Score: 18.04
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
  • T1200 - Hardware Additions
  • T1546.016 - Installer Packages

Ke3chang

Score: 14.41
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy

Agrius

Score: 5.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources

APT5

Score: 4.06
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information

menuPass

Score: 12.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification

Threat Group-3390

Score: 13.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1574.009 - Path Interception by Unquoted Path

Wizard Spider

Score: 15.14
Matched TTPs:
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process

Ember Bear

Score: 9.30
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1656 - Impersonation

Silent Librarian

Score: 10.40
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command

Lazarus Group

Score: 32.69
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process

Sea Turtle

Score: 9.42
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups

UNC3886

Score: 18.83
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1021.006 - Windows Remote Management
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

LuminousMoth

Score: 6.59
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1574.009 - Path Interception by Unquoted Path

BlackTech

Score: 4.62
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1140 - Deobfuscate/Decode Files or Information

RedCurl

Score: 12.53
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1027.004 - Compile After Delivery

APT1

Score: 9.61
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Chimera

Score: 8.64
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1665 - Hide Infrastructure

Magic Hound

Score: 23.36
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Storm-0501

Score: 17.32
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1158 - Hidden Files and Directories

Sandworm Team

Score: 22.74
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages

Leviathan

Score: 19.12
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1546.016 - Installer Packages

Gamaredon Group

Score: 23.59
Matched TTPs:
  • T1527 - Application Access Token
  • T1547.012 - Print Processors
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1200 - Hardware Additions

Medusa Group

Score: 17.88
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

APT39

Score: 10.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

APT38

Score: 23.11
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation

OilRig

Score: 15.17
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1592.002 - Software
  • T1556 - Modify Authentication Process

BRONZE BUTLER

Score: 13.25
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent

TeamTNT

Score: 12.52
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure

Aquatic Panda

Score: 6.42
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware
  • T1597 - Search Closed Sources

Rocke

Score: 5.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery

BackdoorDiplomacy

Score: 3.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware

Fox Kitten

Score: 7.00
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1656 - Impersonation

Cinnamon Tempest

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.004 - Compile After Delivery

BlackByte

Score: 9.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 4.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1665 - Hide Infrastructure

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code

INC Ransom

Score: 9.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Play

Score: 6.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path

HAFNIUM

Score: 3.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target

Salt Typhoon

Score: 8.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

Storm-1811

Score: 8.40
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact

HEXANE

Score: 9.48
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1159 - Launch Agent

APT42

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

TA2541

Score: 5.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources

ZIRCONIUM

Score: 11.41
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection

Moonstone Sleet

Score: 13.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal

BITTER

Score: 3.61
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware

CURIUM

Score: 7.43
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File

LAPSUS$

Score: 10.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery

Tropic Trooper

Score: 16.15
Matched TTPs:
  • T1090 - Proxy
  • T1136.003 - Cloud Account
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure

APT12

Score: 4.54
Matched TTPs:
  • T1055.002 - Portable Executable Injection

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation

Confucius

Score: 8.00
Matched TTPs:
  • T1608.005 - Link Target
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

APT37

Score: 6.47
Matched TTPs:
  • T1078 - Valid Accounts
  • T1027.004 - Compile After Delivery

Windshift

Score: 6.88
Matched TTPs:
  • T1078 - Valid Accounts
  • T1159 - Launch Agent

DarkHydrus

Score: 7.28
Matched TTPs:
  • T1531 - Account Access Removal
  • T1200 - Hardware Additions

FIN8

Score: 5.09
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1556 - Modify Authentication Process

Inception

Score: 8.64
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

SideCopy

Score: 6.88
Matched TTPs:
  • T1584.002 - DNS Server
  • T1159 - Launch Agent

DarkVishnya

Score: 4.54
Matched TTPs:
  • T1213.003 - Code Repositories

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1656 - Impersonation
  • T1003.007 - Proc Filesystem
  • T1546.013 - PowerShell Profile
  • T1609 - Container Administration Command
  • T1126 - Network Share Connection Removal
  • T1588.001 - Malware
  • T1027.004 - Compile After Delivery
  • T1213.006 - Databases
  • T1597 - Search Closed Sources
  • T1608.005 - Link Target
  • T1546.011 - Application Shimming
  • T1665 - Hide Infrastructure
  • T1098.007 - Additional Local or Domain Groups
  • T1027.014 - Polymorphic Code
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.007 - Container Orchestration Job
  • T1197 - BITS Jobs

Related CVEs

No CVEs were found in this Pulse.
