Trusted Design

Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor

概要

A financially-motivated cybercrime cluster designated CL-CRI-1089 has launched Operation FlutterBridge, deploying FlutterShell backdoor malware targeting macOS systems through malvertising. Built with the Flutter framework, FlutterShell masquerades as legitimate applications including podcast players and PDF viewers, delivering adware with full backdoor capabilities such as shell command execution and file system manipulation. The malware uses a WebView-based architecture with JavaScript-to-native bridge, allowing attackers to dynamically modify behavior without recompiling. Distribution occurs through hundreds of Google-verified advertisements controlled by shell companies including AdsParkPro LTD and Advantage Web Marketing LLC. The campaign primarily targets Anglophone and Western European markets. All samples were signed with valid Apple Developer IDs and successfully passed notarization, achieving zero detections on VirusTotal initially. The malware hijacks Google Chrome browsers, redirecting traffic ...

Created: 2026-06-03

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 15.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

menuPass

Score: 19.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 16.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT33

Score: 10.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1051 - Shared Webroot
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

Fox Kitten

Score: 9.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
MITREへのリンク →

Volt Typhoon

Score: 35.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1584.002 - DNS Server
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT1

Score: 12.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Mustang Panda

Score: 37.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1596.001 - DNS/Passive DNS
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

Play

Score: 4.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
MITREへのリンク →

Chimera

Score: 10.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

Sea Turtle

Score: 9.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1063 - Security Software Discovery
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

APT39

Score: 13.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

RedCurl

Score: 14.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT5

Score: 12.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1106 - Native API
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Agrius

Score: 5.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1597 - Search Closed Sources
MITREへのリンク →

GALLIUM

Score: 10.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT41

Score: 16.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1106 - Native API
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

MuddyWater

Score: 19.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT28

Score: 19.60
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Turla

Score: 28.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
MITREへのリンク →

BRONZE BUTLER

Score: 9.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

UNC3886

Score: 19.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.001 - DNS/Passive DNS
  • T1556.002 - Password Filter DLL
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Kimsuky

Score: 47.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT3

Score: 13.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
MITREへのリンク →

FIN8

Score: 10.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1556 - Modify Authentication Process
MITREへのリンク →

Ke3chang

Score: 20.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Lotus Blossom

Score: 7.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

FIN13

Score: 19.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
MITREへのリンク →

Earth Lusca

Score: 22.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Magic Hound

Score: 31.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Aquatic Panda

Score: 8.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1106 - Native API
  • T1597 - Search Closed Sources
MITREへのリンク →

INC Ransom

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 10.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 8.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1665 - Hide Infrastructure
MITREへのリンク →

Scattered Spider

Score: 38.12
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

FIN4

Score: 5.01
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1598.003 - Spearphishing Link
MITREへのリンク →

APT32

Score: 23.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1556 - Modify Authentication Process
MITREへのリンク →

Saint Bear

Score: 9.00
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

FIN6

Score: 13.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sidewinder

Score: 7.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
MITREへのリンク →

Winter Vivern

Score: 13.61
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
MITREへのリンク →

Silence

Score: 7.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Contagious Interview

Score: 30.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

LazyScripter

Score: 6.38
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

TA505

Score: 18.49
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN7

Score: 15.80
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Cobalt Group

Score: 7.39
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1598.004 - Spearphishing Voice
MITREへのリンク →

Higaisa

Score: 7.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
MITREへのリンク →

Indrik Spider

Score: 13.44
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 4.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1051 - Shared Webroot
MITREへのリンク →

TA578

Score: 3.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
MITREへのリンク →

Evilnum

Score: 4.90
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Star Blizzard

Score: 13.02
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
MITREへのリンク →

HEXANE

Score: 12.68
Matched TTPs:
  • T1099 - Timestomp
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT29

Score: 29.52
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Gamaredon Group

Score: 27.15
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

TA2541

Score: 8.95
Matched TTPs:
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
MITREへのリンク →

Mustard Tempest

Score: 4.54
Matched TTPs:
  • T1682 - Query Public AI Services
MITREへのリンク →

Dragonfly

Score: 17.61
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Threat Group-3390

Score: 8.19
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Ember Bear

Score: 9.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Silent Librarian

Score: 14.24
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
MITREへのリンク →

Lazarus Group

Score: 39.61
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1598.003 - Spearphishing Link
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
MITREへのリンク →

LuminousMoth

Score: 3.15
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
MITREへのリンク →

BlackTech

Score: 4.03
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Storm-0501

Score: 13.25
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Sandworm Team

Score: 38.38
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
MITREへのリンク →

Leviathan

Score: 12.94
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
MITREへのリンク →

Rocke

Score: 12.72
Matched TTPs:
  • T1180 - Screensaver
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT38

Score: 27.37
Matched TTPs:
  • T1180 - Screensaver
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
MITREへのリンク →

Tropic Trooper

Score: 14.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1665 - Hide Infrastructure
MITREへのリンク →

admin@338

Score: 6.60
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

WIRTE

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

EXOTIC LILY

Score: 4.68
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Patchwork

Score: 3.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1665 - Hide Infrastructure
MITREへのリンク →

RTM

Score: 3.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

Confucius

Score: 5.72
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT12

Score: 5.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1055.002 - Portable Executable Injection
MITREへのリンク →

APT19

Score: 4.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

SideCopy

Score: 6.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1584.002 - DNS Server
MITREへのリンク →

OilRig

Score: 26.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1592.002 - Software
  • T1556 - Modify Authentication Process
MITREへのリンク →

Moonstone Sleet

Score: 11.93
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
MITREへのリンク →

Machete

Score: 3.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Tonto Team

Score: 5.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT37

Score: 5.56
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
MITREへのリンク →

CURIUM

Score: 8.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
MITREへのリンク →

IndigoZebra

Score: 4.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
MITREへのリンク →

APT-C-36

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

TeamTNT

Score: 23.62
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1106 - Native API
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1665 - Hide Infrastructure
MITREへのリンク →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Medusa Group

Score: 15.28
Matched TTPs:
  • T1106 - Native API
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Storm-1811

Score: 11.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
MITREへのリンク →

APT42

Score: 5.27
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
MITREへのリンク →

ZIRCONIUM

Score: 10.78
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
MITREへのリンク →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

LAPSUS$

Score: 10.21
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
MITREへのリンク →

Salt Typhoon

Score: 8.93
Matched TTPs:
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1556 - Modify Authentication Process
MITREへのリンク →

Moses Staff

Score: 3.81
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Velvet Ant

Score: 8.27
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

BlackByte

Score: 12.08
Matched TTPs:
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package
MITREへのリンク →

FIN5

Score: 5.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Stealth Falcon

Score: 3.81
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Axiom

Score: 11.44
Matched TTPs:
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1160 - Launch Daemon
MITREへのリンク →

Thrip

Score: 5.67
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1027.004 - Compile After Delivery
  • T1560.001 - Archive via Utility
  • T1565.002 - Transmitted Data Manipulation
  • T1131 - Authentication Package
  • T1098.007 - Additional Local or Domain Groups
  • T1213.006 - Databases
  • T1609 - Container Administration Command
  • T1003.007 - Proc Filesystem
  • T1665 - Hide Infrastructure
  • T1051 - Shared Webroot
  • T1009 - Binary Padding
  • T1197 - BITS Jobs
  • T1546.013 - PowerShell Profile
MITREへのリンク →

Lazarus Group

Score: 0.58
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1665 - Hide Infrastructure
  • T1556 - Modify Authentication Process
  • T1608.005 - Link Target
  • T1590.006 - Network Security Appliances
  • T1055.005 - Thread Local Storage
  • T1596.001 - DNS/Passive DNS
  • T1597 - Search Closed Sources
  • T1069.001 - Local Groups
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1106 - Native API
  • T1547.011 - Plist Modification
MITREへのリンク →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1049 - System Network Connections Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1063 - Security Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1016.002 - Wi-Fi Discovery
  • T1686.003 - Windows Host Firewall
  • T1027 - Obfuscated Files or Information
  • T1546.008 - Accessibility Features
  • T1075 - Pass the Hash
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1484.002 - Trust Modification
MITREへのリンク →

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1609 - Container Administration Command
  • T1666 - Modify Cloud Resource Hierarchy
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1590.006 - Network Security Appliances
  • T1556.008 - Network Provider DLL
  • T1547.005 - Security Support Provider
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

Mustang Panda

Score: 0.55
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1136.003 - Cloud Account
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1556 - Modify Authentication Process
  • T1608.005 - Link Target
  • T1590.006 - Network Security Appliances
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage
  • T1596.001 - DNS/Passive DNS
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る