Trusted Design

Operation Dragon Weave: Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2

概要

A sophisticated cyber-espionage campaign attributed to China-linked actors targets officials and citizens in Czech Republic and Taiwan through spearphishing attacks. The operation deploys malicious ZIP archives containing dual infection paths that ultimately deliver AZUREVEIL, an Adaptix C2 agent. The campaign uniquely leverages Microsoft Azure Blob Storage as a dead-drop command-and-control channel, bypassing traditional C2 infrastructure. A multi-stage infection chain employs RUSTCLOAK, a Rust-based loader implementing triple-layer encryption using modified RC4, Base64, and SM4-CBC algorithms. The final payload supports 36 post-exploitation commands including Beacon Object File execution in memory, file system manipulation, process control, network pivoting, and data exfiltration. Lure documents impersonate official communications from Taiwanese research institutions and Czech Social Security Administration, demonstrating targeted social engineering tailored to each region.

Created: 2026-06-01

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 26.36
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1098.007 - Additional Local or Domain Groups
  • T1139 - Bash History
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1585 - Establish Accounts
MITREへのリンク →

APT29

Score: 36.62
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Scattered Spider

Score: 51.61
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

Turla

Score: 14.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT32

Score: 23.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 8.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 11.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 9.47
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1159 - Launch Agent
MITREへのリンク →

MuddyWater

Score: 21.74
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
MITREへのリンク →

Earth Lusca

Score: 15.68
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 9.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
MITREへのリンク →

Silence

Score: 7.12
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Contagious Interview

Score: 37.56
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1016 - System Network Configuration Discovery
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 5.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

TA505

Score: 20.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN7

Score: 21.47
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Cobalt Group

Score: 19.06
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Higaisa

Score: 6.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
MITREへのリンク →

Kimsuky

Score: 61.64
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1526 - Cloud Service Discovery
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 13.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 9.03
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
MITREへのリンク →

Mustang Panda

Score: 39.82
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1159 - Launch Agent
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 4.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 12.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Magic Hound

Score: 25.46
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

HEXANE

Score: 17.32
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
MITREへのリンク →

Gamaredon Group

Score: 26.27
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

TA2541

Score: 10.82
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Lotus Blossom

Score: 4.22
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
MITREへのリンク →

FIN13

Score: 26.05
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

HAFNIUM

Score: 10.07
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
MITREへのリンク →

Volt Typhoon

Score: 37.89
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN8

Score: 13.73
Matched TTPs:
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT41

Score: 22.78
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1001.003 - Protocol or Service Impersonation
MITREへのリンク →

APT3

Score: 13.31
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
MITREへのリンク →

Daggerfly

Score: 9.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel
MITREへのリンク →

GALLIUM

Score: 6.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Dragonfly

Score: 23.80
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1654 - Log Enumeration
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ke3chang

Score: 12.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
MITREへのリンク →

Agrius

Score: 4.39
Matched TTPs:
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

menuPass

Score: 12.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Threat Group-3390

Score: 23.08
Matched TTPs:
  • T1584.008 - Network Devices
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1526 - Cloud Service Discovery
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

Wizard Spider

Score: 21.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1001.003 - Protocol or Service Impersonation
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 12.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

Storm-0501

Score: 18.52
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1055.009 - Proc Memory
MITREへのリンク →

Sandworm Team

Score: 27.61
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
MITREへのリンク →

Leviathan

Score: 22.10
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1001.003 - Protocol or Service Impersonation
MITREへのリンク →

UNC3886

Score: 26.97
Matched TTPs:
  • T1689 - Downgrade Attack
  • T1556.002 - Password Filter DLL
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery
MITREへのリンク →

BRONZE BUTLER

Score: 17.10
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

TeamTNT

Score: 18.85
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

OilRig

Score: 21.36
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
MITREへのリンク →

Aquatic Panda

Score: 8.16
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1144 - Gatekeeper Bypass
  • T1597 - Search Closed Sources
MITREへのリンク →

Chimera

Score: 6.83
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
MITREへのリンク →

admin@338

Score: 3.99
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
MITREへのリンク →

APT1

Score: 7.80
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
MITREへのリンク →

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage
MITREへのリンク →

Patchwork

Score: 10.12
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1001.003 - Protocol or Service Impersonation
  • T1665 - Hide Infrastructure
MITREへのリンク →

Akira

Score: 11.20
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 11.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

APT42

Score: 8.02
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1128 - Netsh Helper DLL
MITREへのリンク →

IndigoZebra

Score: 3.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

ZIRCONIUM

Score: 10.78
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

RedEcho

Score: 6.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Lazarus Group

Score: 34.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
MITREへのリンク →

EXOTIC LILY

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Silent Librarian

Score: 11.09
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

APT38

Score: 12.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Moonstone Sleet

Score: 13.98
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
MITREへのリンク →

CURIUM

Score: 3.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

RedCurl

Score: 18.36
Matched TTPs:
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1055.009 - Proc Memory
MITREへのリンク →

Medusa Group

Score: 21.65
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
MITREへのリンク →

LAPSUS$

Score: 13.83
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

ToddyCat

Score: 5.17
Matched TTPs:
  • T1009 - Binary Padding
  • T1665 - Hide Infrastructure
MITREへのリンク →

Velvet Ant

Score: 9.28
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

BlackByte

Score: 12.08
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT39

Score: 10.87
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1001.003 - Protocol or Service Impersonation
  • T1027.004 - Compile After Delivery
MITREへのリンク →

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Play

Score: 9.23
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

APT19

Score: 6.56
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1027.014 - Polymorphic Code
MITREへのリンク →

SideCopy

Score: 8.35
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
MITREへのリンク →

Stealth Falcon

Score: 3.81
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Tropic Trooper

Score: 17.21
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1136.003 - Cloud Account
  • T1128 - Netsh Helper DLL
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
MITREへのリンク →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Fox Kitten

Score: 11.59
Matched TTPs:
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1656 - Impersonation
MITREへのリンク →

APT37

Score: 4.68
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Windigo

Score: 5.09
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1159 - Launch Agent
MITREへのリンク →

INC Ransom

Score: 14.13
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1055.009 - Proc Memory
MITREへのリンク →

APT33

Score: 7.67
Matched TTPs:
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

Cinnamon Tempest

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

Confucius

Score: 4.85
Matched TTPs:
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
MITREへのリンク →

WIRTE

Score: 5.14
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

DarkVishnya

Score: 6.94
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

Inception

Score: 5.49
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1159 - Launch Agent
MITREへのリンク →

LuminousMoth

Score: 3.44
Matched TTPs:
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

BlackTech

Score: 3.15
Matched TTPs:
  • T1526 - Cloud Service Discovery
MITREへのリンク →

APT18

Score: 3.84
Matched TTPs:
  • T1591.001 - Determine Physical Locations
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1213.006 - Databases
  • T1565.002 - Transmitted Data Manipulation
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1609 - Container Administration Command
  • T1546.011 - Application Shimming
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1027.014 - Polymorphic Code
  • T1590.006 - Network Security Appliances
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1654 - Log Enumeration
  • T1546.008 - Accessibility Features
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1526 - Cloud Service Discovery
  • T1656 - Impersonation
  • T1665 - Hide Infrastructure
MITREへのリンク →

Scattered Spider

Score: 0.59
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1547.005 - Security Support Provider
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1098.007 - Additional Local or Domain Groups
  • T1556.008 - Network Provider DLL
  • T1197 - BITS Jobs
  • T1144 - Gatekeeper Bypass
  • T1210 - Exploitation of Remote Services
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1083 - File and Directory Discovery
  • T1609 - Container Administration Command
  • T1590.006 - Network Security Appliances
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027 - Obfuscated Files or Information
  • T1560.003 - Archive via Custom Method
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る