TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
概要
The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including information technology, energy, healthcare and public health, communications, and critical manufacturing.
According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.
Created: 2026-02-23
Indicators
Indicatorsは見つかっていない。
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 80.39
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1583.005 - Botnet
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1055.014 - VDSO Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1570 - Lateral Tool Transfer
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1197 - BITS Jobs
- T1070.009 - Clear Persistence
- T1132.002 - Non-Standard Encoding
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1003.003 - NTDS
- T1008 - Fallback Channels
- T1053.002 - At
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 15.47
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 37.13
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1178 - SID-History Injection
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1589 - Gather Victim Identity Information
- T1059.009 - Cloud API
- T1564.013 - Bind Mounts
- T1136.002 - Domain Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
- T1003.003 - NTDS
MITREへのリンク →
Score: 24.68
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1059.009 - Cloud API
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1498 - Network Denial of Service
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.59
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1166 - Setuid and Setgid
MITREへのリンク →
Score: 59.98
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1218.008 - Odbcconf
- T1064 - Scripting
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1070.009 - Clear Persistence
- T1221 - Template Injection
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 58.81
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1484.002 - Trust Modification
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1193 - Spearphishing Attachment
- T1049 - System Network Connections Discovery
- T1122 - Component Object Model Hijacking
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1187 - Forced Authentication
- T1166 - Setuid and Setgid
- T1075 - Pass the Hash
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 22.24
Matched TTPs:
- T1033 - System Owner/User Discovery
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 55.66
Matched TTPs:
- T1216.001 - PubPrn
- T1024 - Custom Cryptographic Protocol
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1218.008 - Odbcconf
- T1136.002 - Domain Account
- T1596.004 - CDNs
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1601 - Modify System Image
- T1592.003 - Firmware
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1132.002 - Non-Standard Encoding
- T1588.005 - Exploits
MITREへのリンク →
Score: 52.83
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1164 - Re-opened Applications
- T1049 - System Network Connections Discovery
- T1057 - Process Discovery
- T1102.003 - One-Way Communication
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1065 - Uncommonly Used Port
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 48.56
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1583.005 - Botnet
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1139 - Bash History
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1197 - BITS Jobs
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1546.007 - Netsh Helper DLL
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 15.75
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1608.005 - Link Target
- T1570 - Lateral Tool Transfer
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 23.99
Matched TTPs:
- T1685.001 - Disable or Modify Windows Event Log
- T1484.002 - Trust Modification
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.78
Matched TTPs:
- T1682 - Query Public AI Services
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.013 - XDG Autostart Entries
- T1053.002 - At
MITREへのリンク →
Score: 18.34
Matched TTPs:
- T1178 - SID-History Injection
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 24.40
Matched TTPs:
- T1178 - SID-History Injection
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 46.44
Matched TTPs:
- T1178 - SID-History Injection
- T1606.002 - SAML Tokens
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1556.009 - Conditional Access Policies
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.68
Matched TTPs:
- T1178 - SID-History Injection
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 11.66
Matched TTPs:
- T1178 - SID-History Injection
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 32.52
Matched TTPs:
- T1178 - SID-History Injection
- T1606.002 - SAML Tokens
- T1202 - Indirect Command Execution
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 14.23
Matched TTPs:
- T1178 - SID-History Injection
- T1140 - Deobfuscate/Decode Files or Information
- T1059.001 - PowerShell
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 31.93
Matched TTPs:
- T1178 - SID-History Injection
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1193 - Spearphishing Attachment
- T1657 - Financial Theft
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1578.002 - Create Cloud Instance
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.02
Matched TTPs:
- T1178 - SID-History Injection
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 23.85
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1564.013 - Bind Mounts
- T1144 - Gatekeeper Bypass
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1686.001 - Cloud Firewall
MITREへのリンク →
Score: 21.60
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1057 - Process Discovery
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 47.67
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1677 - Poisoned Pipeline Execution
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1057 - Process Discovery
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1567.002 - Exfiltration to Cloud Storage
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1055.015 - ListPlanting
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 29.39
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1564.013 - Bind Mounts
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1606 - Forge Web Credentials
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1055.015 - ListPlanting
MITREへのリンク →
Score: 9.98
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 18.58
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
- T1199 - Trusted Relationship
- T1498 - Network Denial of Service
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 20.37
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 20.68
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1612 - Build Image on Host
- T1122 - Component Object Model Hijacking
- T1574.010 - Services File Permissions Weakness
- T1128 - Netsh Helper DLL
- T1055.009 - Proc Memory
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 6.40
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 34.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 56.47
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1136.001 - Local Account
- T1677 - Poisoned Pipeline Execution
- T1612 - Build Image on Host
- T1569.001 - Launchctl
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1169 - Sudo
- T1199 - Trusted Relationship
- T1567.002 - Exfiltration to Cloud Storage
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1071.001 - Web Protocols
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 16.17
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 31.70
Matched TTPs:
- T1606.002 - SAML Tokens
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1564.002 - Hidden Users
- T1057 - Process Discovery
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1065 - Uncommonly Used Port
- T1547.013 - XDG Autostart Entries
- T1055.015 - ListPlanting
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.30
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1120 - Peripheral Device Discovery
- T1064 - Scripting
- T1564.002 - Hidden Users
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 29.39
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1570 - Lateral Tool Transfer
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.71
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1657 - Financial Theft
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 43.10
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1144 - Gatekeeper Bypass
- T1136.002 - Domain Account
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1498 - Network Denial of Service
- T1027.002 - Software Packing
- T1547.013 - XDG Autostart Entries
- T1588.005 - Exploits
MITREへのリンク →
Score: 4.73
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 25.59
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 50.67
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1070.003 - Clear Command History
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1059.009 - Cloud API
- T1564.013 - Bind Mounts
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1187 - Forced Authentication
- T1592.003 - Firmware
- T1166 - Setuid and Setgid
- T1578.002 - Create Cloud Instance
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
- T1053.002 - At
MITREへのリンク →
Score: 9.81
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 13.69
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 25.52
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1218.008 - Odbcconf
- T1059 - Command and Scripting Interpreter
- T1049 - System Network Connections Discovery
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 16.74
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1578.003 - Delete Cloud Instance
- T1677 - Poisoned Pipeline Execution
- T1166 - Setuid and Setgid
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 13.36
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 24.70
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
- T1589 - Gather Victim Identity Information
- T1059.009 - Cloud API
- T1144 - Gatekeeper Bypass
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 27.61
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1574 - Hijack Execution Flow
- T1592.003 - Firmware
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1059.003 - Windows Command Shell
- T1070.009 - Clear Persistence
- T1132.002 - Non-Standard Encoding
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 22.32
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1218.001 - Compiled HTML File
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 3.73
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1120 - Peripheral Device Discovery
MITREへのリンク →
Score: 9.12
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1053.002 - At
MITREへのリンク →
Score: 14.38
Matched TTPs:
- T1583.005 - Botnet
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1490 - Inhibit System Recovery
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 8.42
Matched TTPs:
- T1583.005 - Botnet
- T1199 - Trusted Relationship
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1159 - Launch Agent
MITREへのリンク →
Score: 26.26
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1606.001 - Web Cookies
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 33.33
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1578.003 - Delete Cloud Instance
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1030 - Data Transfer Size Limits
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
- T1055.015 - ListPlanting
- T1008 - Fallback Channels
MITREへのリンク →
Score: 9.89
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1001.001 - Junk Data
MITREへのリンク →
Score: 20.39
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.72
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 14.34
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 7.32
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1159 - Launch Agent
MITREへのリンク →
Score: 5.05
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1552.003 - Shell History
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 13.36
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 9.27
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1166 - Setuid and Setgid
- T1578.002 - Create Cloud Instance
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.05
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1570 - Lateral Tool Transfer
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.94
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1506 - Web Session Cookie
- T1055.009 - Proc Memory
MITREへのリンク →
Score: 23.30
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1677 - Poisoned Pipeline Execution
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1128 - Netsh Helper DLL
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1132.002 - Non-Standard Encoding
MITREへのリンク →
Score: 15.51
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1091 - Replication Through Removable Media
- T1657 - Financial Theft
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1053.002 - At
MITREへのリンク →
Score: 3.88
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 4.79
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.38
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1059.009 - Cloud API
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 13.42
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 11.61
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1548 - Abuse Elevation Control Mechanism
- T1218.001 - Compiled HTML File
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 26.41
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1589 - Gather Victim Identity Information
- T1059.009 - Cloud API
- T1059.001 - PowerShell
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.15
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 32.21
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1059.009 - Cloud API
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1598 - Phishing for Information
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
- T1216 - System Script Proxy Execution
MITREへのリンク →
Score: 7.06
Matched TTPs:
- T1120 - Peripheral Device Discovery
- T1570 - Lateral Tool Transfer
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 6.30
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1608.005 - Link Target
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.74
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.97
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1166 - Setuid and Setgid
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.60
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 14.49
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.009 - Cloud API
- T1064 - Scripting
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
MITREへのリンク →
Score: 10.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1690 - Prevent Command History Logging
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.50
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1122 - Component Object Model Hijacking
- T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →
Score: 15.02
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1547.013 - XDG Autostart Entries
- T1588.005 - Exploits
MITREへのリンク →
Score: 9.33
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1166 - Setuid and Setgid
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.18
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.52
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.35
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1562.013 - Disable or Modify Network Device Firewall
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1055.009 - Proc Memory
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.80
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1049 - System Network Connections Discovery
- T1562.013 - Disable or Modify Network Device Firewall
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 8.14
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1570 - Lateral Tool Transfer
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1055.003 - Thread Execution Hijacking
MITREへのリンク →
Score: 6.26
Matched TTPs:
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.91
Matched TTPs:
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1570 - Lateral Tool Transfer
MITREへのリンク →
Score: 5.25
Matched TTPs:
- T1059.009 - Cloud API
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.47
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.08
Matched TTPs:
- T1136.002 - Domain Account
- T1187 - Forced Authentication
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1037.001 - Logon Script (Windows)
MITREへのリンク →
Score: 15.99
Matched TTPs:
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1128 - Netsh Helper DLL
- T1070.009 - Clear Persistence
- T1547.008 - LSASS Driver
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.81
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →
Score: 9.88
Matched TTPs:
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1601 - Modify System Image
MITREへのリンク →
Score: 7.03
Matched TTPs:
- T1608.005 - Link Target
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 3.52
Matched TTPs:
- T1059.001 - PowerShell
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.56
Matched TTPs:
- T1574.010 - Services File Permissions Weakness
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 15.34
Matched TTPs:
- T1199 - Trusted Relationship
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
- T1578.002 - Create Cloud Instance
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 7.65
Matched TTPs:
- T1199 - Trusted Relationship
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.65
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 3.60
Matched TTPs:
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.32
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.19
Matched TTPs:
- T1166 - Setuid and Setgid
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 3.28
Matched TTPs:
- T1506 - Web Session Cookie
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 3.30
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1008 - Fallback Channels
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.81
Matched TTPs:
- T1132.002 - Non-Standard Encoding
- T1003.007 - Proc Filesystem
- T1126 - Network Share Connection Removal
- T1070.009 - Clear Persistence
- T1570 - Lateral Tool Transfer
- T1552.003 - Shell History
- T1583.005 - Botnet
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
- T1562.013 - Disable or Modify Network Device Firewall
- T1506 - Web Session Cookie
- T1690 - Prevent Command History Logging
- T1566.002 - Spearphishing Link
- T1053.002 - At
- T1055.014 - VDSO Hijacking
- T1003.003 - NTDS
- T1120 - Peripheral Device Discovery
- T1057 - Process Discovery
- T1197 - BITS Jobs
- T1490 - Inhibit System Recovery
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
- T1033 - System Owner/User Discovery
- T1024 - Custom Cryptographic Protocol
- T1608.005 - Link Target
- T1091 - Replication Through Removable Media
- T1102.003 - One-Way Communication
- T1059.009 - Cloud API
MITREへのリンク →
Score: 0.65
Matched TTPs:
- T1070.009 - Clear Persistence
- T1484.002 - Trust Modification
- T1049 - System Network Connections Discovery
- T1193 - Spearphishing Attachment
- T1546.016 - Installer Packages
- T1564.008 - Email Hiding Rules
- T1583.005 - Botnet
- T1547.013 - XDG Autostart Entries
- T1187 - Forced Authentication
- T1566.002 - Spearphishing Link
- T1075 - Pass the Hash
- T1120 - Peripheral Device Discovery
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1033 - System Owner/User Discovery
- T1166 - Setuid and Setgid
- T1091 - Replication Through Removable Media
- T1122 - Component Object Model Hijacking
- T1102.003 - One-Way Communication
- T1157 - Dylib Hijacking
- T1005 - Data from Local System
MITREへのリンク →
Score: 0.64
Matched TTPs:
- T1126 - Network Share Connection Removal
- T1218.008 - Odbcconf
- T1070.009 - Clear Persistence
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1547.008 - LSASS Driver
- T1690 - Prevent Command History Logging
- T1021.006 - Windows Remote Management
- T1120 - Peripheral Device Discovery
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1030 - Data Transfer Size Limits
- T1033 - System Owner/User Discovery
- T1044 - File System Permissions Weakness
- T1547.005 - Security Support Provider
- T1221 - Template Injection
- T1608.005 - Link Target
- T1091 - Replication Through Removable Media
- T1102.003 - One-Way Communication
- T1064 - Scripting
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 0.63
Matched TTPs:
- T1547.005 - Security Support Provider
- T1024 - Custom Cryptographic Protocol
- T1601 - Modify System Image
- T1132.002 - Non-Standard Encoding
- T1218.008 - Odbcconf
- T1019 - System Firmware
- T1216.001 - PubPrn
- T1592.003 - Firmware
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1030 - Data Transfer Size Limits
- T1193 - Spearphishing Attachment
- T1596.004 - CDNs
- T1065 - Uncommonly Used Port
- T1588.005 - Exploits
- T1136.002 - Domain Account
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1071.001 - Web Protocols
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1612 - Build Image on Host
- T1547.013 - XDG Autostart Entries
- T1566.002 - Spearphishing Link
- T1055.005 - Thread Local Storage
- T1677 - Poisoned Pipeline Execution
- T1567.002 - Exfiltration to Cloud Storage
- T1120 - Peripheral Device Discovery
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1569.001 - Launchctl
- T1169 - Sudo
- T1024 - Custom Cryptographic Protocol
- T1608.005 - Link Target
- T1136.001 - Local Account
- T1091 - Replication Through Removable Media
- T1102.003 - One-Way Communication
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1570 - Lateral Tool Transfer
- T1049 - System Network Connections Discovery
- T1546.016 - Installer Packages
- T1547.013 - XDG Autostart Entries
- T1562.009 - Safe Mode Boot
- T1057 - Process Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1065 - Uncommonly Used Port
- T1164 - Re-opened Applications
- T1547.005 - Security Support Provider
- T1574.002 - DLL Side-Loading
- T1166 - Setuid and Setgid
- T1102.003 - One-Way Communication
- T1157 - Dylib Hijacking
- T1059.009 - Cloud API
- T1685.001 - Disable or Modify Windows Event Log
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1070.009 - Clear Persistence
- T1597 - Search Closed Sources
- T1547.008 - LSASS Driver
- T1547.013 - XDG Autostart Entries
- T1187 - Forced Authentication
- T1566.002 - Spearphishing Link
- T1053.002 - At
- T1070.003 - Clear Command History
- T1592.003 - Firmware
- T1578.002 - Create Cloud Instance
- T1120 - Peripheral Device Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1098.002 - Additional Email Delegate Permissions
- T1564.013 - Bind Mounts
- T1199 - Trusted Relationship
- T1547.005 - Security Support Provider
- T1024 - Custom Cryptographic Protocol
- T1608.005 - Link Target
- T1166 - Setuid and Setgid
- T1059.009 - Cloud API
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1583.005 - Botnet
- T1024 - Custom Cryptographic Protocol
- T1547.013 - XDG Autostart Entries
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1197 - BITS Jobs
- T1140 - Deobfuscate/Decode Files or Information
- T1070.009 - Clear Persistence
- T1566.002 - Spearphishing Link
- T1546.007 - Netsh Helper DLL
- T1592.003 - Firmware
- T1139 - Bash History
- T1122 - Component Object Model Hijacking
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1566.003 - Spearphishing via Service
- T1685.001 - Disable or Modify Windows Event Log
- T1059.001 - PowerShell
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design