Trusted Design

Reloaded in a modern Remcos RAT Infection

概要

Analysts discovered a new Remcos RAT infection chain starting with a batch file executing encoded commands that creates hidden directories and retrieves encrypted payloads. Unlike earlier campaigns relying on PowerShell-hosted .NET loaders, this variant incorporates DonutLoader shellcode and AutoIt-based staging for in-memory payload delivery. The infection begins with a phishing email containing a malicious batch file named Bestellung.CMD. The chain abuses legitimate Windows utilities including cscript.exe and SyncAppvPublishingServer.vbs to execute Base64-encoded payloads. Additional components are downloaded from cloud storage, including 7Zip tools and password-protected archives containing obfuscated JScript. The final payload consists of DonutLoader shellcode that injects Remcos RAT version 7.2.1 Pro into colorcpl.exe, enabling remote control, credential harvesting, keystroke logging, and additional payload deployment.

Created: 2026-06-01

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 20.52
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1071.005 - Publish/Subscribe Protocols
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
MITREへのリンク →

APT29

Score: 34.61
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Scattered Spider

Score: 42.77
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
MITREへのリンク →

FIN4

Score: 4.13
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
MITREへのリンク →

Turla

Score: 22.45
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

APT32

Score: 23.31
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 4.72
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

FIN6

Score: 10.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562 - Impair Defenses
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 6.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
MITREへのリンク →

MuddyWater

Score: 22.70
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1562 - Impair Defenses
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Earth Lusca

Score: 10.04
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Winter Vivern

Score: 11.47
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
MITREへのリンク →

Silence

Score: 11.51
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
MITREへのリンク →

Contagious Interview

Score: 28.65
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 5.67
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1591.004 - Identify Roles
MITREへのリンク →

TA505

Score: 20.34
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1527 - Application Access Token
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

FIN7

Score: 12.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1009 - Binary Padding
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Cobalt Group

Score: 10.21
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.004 - Spearphishing Voice
  • T1591.004 - Identify Roles
MITREへのリンク →

Higaisa

Score: 11.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

Kimsuky

Score: 41.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 14.40
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Leafminer

Score: 7.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562 - Impair Defenses
  • T1051 - Shared Webroot
MITREへのリンク →

Mustang Panda

Score: 28.46
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1071.005 - Publish/Subscribe Protocols
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1591.004 - Identify Roles
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

Evilnum

Score: 8.08
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.009 - Safe Mode Boot
  • T1562 - Impair Defenses
MITREへのリンク →

Star Blizzard

Score: 10.63
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Magic Hound

Score: 27.90
Matched TTPs:
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

HEXANE

Score: 13.83
Matched TTPs:
  • T1099 - Timestomp
  • T1562 - Impair Defenses
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Gamaredon Group

Score: 24.57
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1562.009 - Safe Mode Boot
  • T1090 - Proxy
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
MITREへのリンク →

TA2541

Score: 4.54
Matched TTPs:
  • T1099 - Timestomp
  • T1597 - Search Closed Sources
MITREへのリンク →

Lotus Blossom

Score: 5.95
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 22.37
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1591.004 - Identify Roles
MITREへのリンク →

HAFNIUM

Score: 5.17
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1591.004 - Identify Roles
MITREへのリンク →

Volt Typhoon

Score: 46.68
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1071.005 - Publish/Subscribe Protocols
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1562 - Impair Defenses
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN8

Score: 8.79
Matched TTPs:
  • T1099 - Timestomp
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT41

Score: 31.80
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1562 - Impair Defenses
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
  • T1591.004 - Identify Roles
MITREへのリンク →

APT3

Score: 17.97
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
MITREへのリンク →

Daggerfly

Score: 6.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
MITREへのリンク →

GALLIUM

Score: 11.47
Matched TTPs:
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
MITREへのリンク →

Dragonfly

Score: 13.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Ke3chang

Score: 21.82
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
MITREへのリンク →

Agrius

Score: 7.32
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

APT5

Score: 5.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

menuPass

Score: 13.34
Matched TTPs:
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

Threat Group-3390

Score: 14.32
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.004 - Identify Roles
MITREへのリンク →

Wizard Spider

Score: 21.06
Matched TTPs:
  • T1584.008 - Network Devices
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ember Bear

Score: 15.50
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
MITREへのリンク →

Chimera

Score: 17.52
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

OilRig

Score: 34.74
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1562 - Impair Defenses
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1048 - Exfiltration Over Alternative Protocol
  • T1592.002 - Software
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT39

Score: 12.47
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1562 - Impair Defenses
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tropic Trooper

Score: 17.16
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT18

Score: 3.70
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1591.004 - Identify Roles
MITREへのリンク →

RedCurl

Score: 22.38
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1071.005 - Publish/Subscribe Protocols
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1055.009 - Proc Memory
MITREへのリンク →

Sea Turtle

Score: 7.42
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1137.004 - Outlook Home Page
MITREへのリンク →

APT1

Score: 12.25
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

Storm-0501

Score: 18.70
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1055.009 - Proc Memory
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Darkhotel

Score: 8.39
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1562.009 - Safe Mode Boot
  • T1590.006 - Network Security Appliances
  • T1591.004 - Identify Roles
MITREへのリンク →

Lazarus Group

Score: 34.47
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
MITREへのリンク →

ZIRCONIUM

Score: 12.70
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
MITREへのリンク →

Stealth Falcon

Score: 12.25
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1562 - Impair Defenses
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

APT33

Score: 12.86
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1562 - Impair Defenses
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

BRONZE BUTLER

Score: 13.98
Matched TTPs:
  • T1071.005 - Publish/Subscribe Protocols
  • T1003.007 - Proc Filesystem
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Sandworm Team

Score: 26.87
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
MITREへのリンク →

Leviathan

Score: 16.37
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1488 - Disk Content Wipe
MITREへのリンク →

TeamTNT

Score: 16.18
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

Aquatic Panda

Score: 5.27
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

admin@338

Score: 6.68
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
MITREへのリンク →

PROMETHIUM

Score: 3.84
Matched TTPs:
  • T1530 - Data from Cloud Storage
MITREへのリンク →

Patchwork

Score: 7.63
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

UNC3886

Score: 15.41
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Akira

Score: 12.81
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Medusa Group

Score: 15.32
Matched TTPs:
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

LAPSUS$

Score: 22.32
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1601 - Modify System Image
  • T1137.004 - Outlook Home Page
  • T1564.003 - Hidden Window
MITREへのリンク →

Salt Typhoon

Score: 5.09
Matched TTPs:
  • T1009 - Binary Padding
  • T1556 - Modify Authentication Process
MITREへのリンク →

Rocke

Score: 8.88
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

ToddyCat

Score: 7.86
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT38

Score: 26.22
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1591.004 - Identify Roles
  • T1059.005 - Visual Basic
MITREへのリンク →

Velvet Ant

Score: 8.27
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

BlackByte

Score: 15.01
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

Moonstone Sleet

Score: 9.54
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
MITREへのリンク →

APT42

Score: 3.76
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
MITREへのリンク →

CURIUM

Score: 4.26
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
MITREへのリンク →

Silent Librarian

Score: 5.73
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

Tonto Team

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Play

Score: 7.66
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.004 - Identify Roles
MITREへのリンク →

SideCopy

Score: 5.60
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Fox Kitten

Score: 10.20
Matched TTPs:
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
MITREへのリンク →

INC Ransom

Score: 14.29
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1055.009 - Proc Memory
MITREへのリンク →

LuminousMoth

Score: 5.41
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Confucius

Score: 4.81
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

Dark Caracal

Score: 4.39
Matched TTPs:
  • T1048 - Exfiltration Over Alternative Protocol
  • T1591.004 - Identify Roles
MITREへのリンク →

DarkHydrus

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

Storm-1811

Score: 7.83
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1591.004 - Identify Roles
MITREへのリンク →

APT37

Score: 3.30
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Machete

Score: 3.30
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Cinnamon Tempest

Score: 3.30
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

APT17

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.70
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1556.002 - Password Filter DLL
  • T1562 - Impair Defenses
  • T1003.007 - Proc Filesystem
  • T1099 - Timestomp
  • T1584.002 - DNS Server
  • T1547.005 - Security Support Provider
  • T1488 - Disk Content Wipe
  • T1071.005 - Publish/Subscribe Protocols
  • T1562.009 - Safe Mode Boot
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1665 - Hide Infrastructure
  • T1055.004 - Asynchronous Procedure Call
  • T1591.004 - Identify Roles
  • T1686.003 - Windows Host Firewall
MITREへのリンク →

Scattered Spider

Score: 0.64
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1564.003 - Hidden Window
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1547.005 - Security Support Provider
  • T1027 - Obfuscated Files or Information
  • T1083 - File and Directory Discovery
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1666 - Modify Cloud Resource Hierarchy
  • T1197 - BITS Jobs
  • T1685.004 - Disable or Modify Linux Audit System Log
MITREへのリンク →

Kimsuky

Score: 0.62
Matched TTPs:
  • T1609 - Container Administration Command
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1665 - Hide Infrastructure
  • T1027.004 - Compile After Delivery
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1213.006 - Databases
  • T1087.004 - Cloud Account
  • T1546.013 - PowerShell Profile
  • T1597 - Search Closed Sources
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1131 - Authentication Package
  • T1197 - BITS Jobs
  • T1009 - Binary Padding
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る