Unmasking an Attack Chain of MuddyWater
概要
An intrusion attributed to MuddyWater, an Iranian-linked APT, was identified in a customer environment. The attack involved initial access through RDP, establishing an SSH tunnel, and deploying malware via DLL side-loading. The threat actor used FMAPP.exe, a legitimate Fortemedia Inc. application, to load a malicious FMAPP.dll for C2 communications. The timeline of activities revealed typos in commands, suggesting manual typing by the attacker. The intrusion included reconnaissance efforts, attempts to verify tunnel functionality, and issues with initial C2 communication. The attack targeted an Israeli company, aligning with known MuddyWater tactics.
Created: 2026-03-09
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 47.50
Matched TTPs:
- T1132.001 - Standard Encoding
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1070.006 - Timestomp
- T1547.011 - Plist Modification
- T1134.002 - Create Process with Token
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1055.005 - Thread Local Storage
- T1587 - Develop Capabilities
- T1569.002 - Service Execution
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1132.001 - Standard Encoding
MITREへのリンク →
Score: 16.06
Matched TTPs:
- T1132.001 - Standard Encoding
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
MITREへのリンク →
Score: 9.47
Matched TTPs:
- T1491.002 - External Defacement
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1218.010 - Regsvr32
- T1159 - Launch Agent
MITREへのリンク →
Score: 6.33
Matched TTPs:
- T1491.002 - External Defacement
- T1219.001 - IDE Tunneling
- T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →
Score: 3.09
Matched TTPs:
- T1491.002 - External Defacement
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 5.95
Matched TTPs:
- T1491.002 - External Defacement
- T1059.010 - AutoHotKey & AutoIT
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 3.09
Matched TTPs:
- T1491.002 - External Defacement
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 35.75
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1146 - Clear Command History
- T1588.003 - Code Signing Certificates
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 5.70
Matched TTPs:
- T1491.002 - External Defacement
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 18.46
Matched TTPs:
- T1491.002 - External Defacement
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 17.29
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1159 - Launch Agent
MITREへのリンク →
Score: 20.71
Matched TTPs:
- T1491.002 - External Defacement
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
- T1564.007 - VBA Stomping
- T1070.009 - Clear Persistence
- T1569.002 - Service Execution
MITREへのリンク →
Score: 9.38
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.51
Matched TTPs:
- T1491.002 - External Defacement
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 5.06
Matched TTPs:
- T1491.002 - External Defacement
- T1091 - Replication Through Removable Media
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 16.99
Matched TTPs:
- T1491.002 - External Defacement
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1138 - Application Shimming
- T1597 - Search Closed Sources
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 9.32
Matched TTPs:
- T1491.002 - External Defacement
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1218.010 - Regsvr32
- T1569.002 - Service Execution
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1491.002 - External Defacement
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 15.92
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 19.74
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 12.91
Matched TTPs:
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.09
Matched TTPs:
- T1491.002 - External Defacement
- T1059.010 - AutoHotKey & AutoIT
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 21.97
Matched TTPs:
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1491.002 - External Defacement
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 13.79
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1505 - Server Software Component
- T1001.001 - Junk Data
MITREへのリンク →
Score: 16.51
Matched TTPs:
- T1491.002 - External Defacement
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 25.40
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1016 - System Network Configuration Discovery
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
- T1221 - Template Injection
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1491.002 - External Defacement
- T1089 - Disabling Security Tools
MITREへのリンク →
Score: 21.84
Matched TTPs:
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
MITREへのリンク →
Score: 21.43
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1586.002 - Email Accounts
- T1562.004 - Disable or Modify System Firewall
- T1071.003 - Mail Protocols
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 6.32
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 23.17
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1586.002 - Email Accounts
- T1555.003 - Credentials from Web Browsers
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 27.75
Matched TTPs:
- T1491.002 - External Defacement
- T1566.002 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 21.30
Matched TTPs:
- T1099 - Timestomp
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1134.002 - Create Process with Token
- T1055.014 - VDSO Hijacking
- T1159 - Launch Agent
MITREへのリンク →
Score: 29.78
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1138 - Application Shimming
- T1218.012 - Verclsid
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 36.28
Matched TTPs:
- T1099 - Timestomp
- T1547.012 - Print Processors
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1092 - Communication Through Removable Media
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 10.82
Matched TTPs:
- T1099 - Timestomp
- T1219.001 - IDE Tunneling
- T1505 - Server Software Component
- T1569.002 - Service Execution
MITREへのリンク →
Score: 18.20
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1569.002 - Service Execution
MITREへのリンク →
Score: 17.49
Matched TTPs:
- T1099 - Timestomp
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1218.008 - Odbcconf
- T1219.001 - IDE Tunneling
MITREへのリンク →
Score: 20.16
Matched TTPs:
- T1099 - Timestomp
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1587 - Develop Capabilities
- T1569.002 - Service Execution
MITREへのリンク →
Score: 30.17
Matched TTPs:
- T1099 - Timestomp
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1555.003 - Credentials from Web Browsers
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1574.002 - DLL Side-Loading
- T1569.002 - Service Execution
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1099 - Timestomp
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 7.61
Matched TTPs:
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 18.30
Matched TTPs:
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1547.011 - Plist Modification
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 26.47
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 14.29
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 9.19
Matched TTPs:
- T1584.008 - Network Devices
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 41.24
Matched TTPs:
- T1584.008 - Network Devices
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1041 - Exfiltration Over C2 Channel
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1070.009 - Clear Persistence
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 14.81
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 19.87
Matched TTPs:
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 19.68
Matched TTPs:
- T1584.008 - Network Devices
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 13.62
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 11.52
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 40.94
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1092 - Communication Through Removable Media
- T1134.002 - Create Process with Token
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 5.32
Matched TTPs:
- T1606.002 - SAML Tokens
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 10.96
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 10.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1219.001 - IDE Tunneling
- T1584.005 - Botnet
MITREへのリンク →
Score: 38.64
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
- T1134.002 - Create Process with Token
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 8.10
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1608.002 - Upload Tool
MITREへのリンク →
Score: 9.47
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 4.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1606.002 - SAML Tokens
- T1219.001 - IDE Tunneling
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 45.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1136.001 - Local Account
- T1092 - Communication Through Removable Media
- T1562.006 - Indicator Blocking
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1608 - Stage Capabilities
- T1169 - Sudo
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
MITREへのリンク →
Score: 28.03
Matched TTPs:
- T1606.002 - SAML Tokens
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1555 - Credentials from Password Stores
- T1092 - Communication Through Removable Media
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1059.001 - PowerShell
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 20.11
Matched TTPs:
- T1036.008 - Masquerade File Type
- T1547.012 - Print Processors
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 30.10
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1019 - System Firmware
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1619 - Cloud Storage Object Discovery
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1564.003 - Hidden Window
- T1027.002 - Software Packing
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 10.25
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1134.002 - Create Process with Token
- T1584.005 - Botnet
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 7.31
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 9.48
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1657 - Financial Theft
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 7.51
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1557.003 - DHCP Spoofing
MITREへのリンク →
Score: 8.37
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 34.13
Matched TTPs:
- T1547.012 - Print Processors
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
- T1159 - Launch Agent
MITREへのリンク →
Score: 5.84
Matched TTPs:
- T1089 - Disabling Security Tools
- T1219.001 - IDE Tunneling
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 8.54
Matched TTPs:
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1045 - Software Packing
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 14.35
Matched TTPs:
- T1089 - Disabling Security Tools
- T1684 - Social Engineering
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1569.002 - Service Execution
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 10.49
Matched TTPs:
- T1089 - Disabling Security Tools
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1059.001 - PowerShell
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.50
Matched TTPs:
- T1089 - Disabling Security Tools
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 3.12
Matched TTPs:
- T1089 - Disabling Security Tools
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 20.05
Matched TTPs:
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1557.003 - DHCP Spoofing
- T1045 - Software Packing
- T1218.012 - Verclsid
- T1059.001 - PowerShell
MITREへのリンク →
Score: 12.02
Matched TTPs:
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
- T1219.001 - IDE Tunneling
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
- T1159 - Launch Agent
MITREへのリンク →
Score: 11.94
Matched TTPs:
- T1089 - Disabling Security Tools
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1219.001 - IDE Tunneling
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 4.70
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 12.42
Matched TTPs:
- T1089 - Disabling Security Tools
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1159 - Launch Agent
MITREへのリンク →
Score: 7.90
Matched TTPs:
- T1089 - Disabling Security Tools
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1587 - Develop Capabilities
MITREへのリンク →
Score: 4.85
Matched TTPs:
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1685.002 - Disable or Modify Cloud Log
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1685.002 - Disable or Modify Cloud Log
MITREへのリンク →
Score: 26.46
Matched TTPs:
- T1685.002 - Disable or Modify Cloud Log
- T1059.010 - AutoHotKey & AutoIT
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1219.001 - IDE Tunneling
- T1138 - Application Shimming
- T1218.012 - Verclsid
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 3.36
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.93
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1219.001 - IDE Tunneling
MITREへのリンク →
Score: 16.43
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 9.84
Matched TTPs:
- T1059.010 - AutoHotKey & AutoIT
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 5.26
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1557.003 - DHCP Spoofing
MITREへのリンク →
Score: 4.31
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1134.002 - Create Process with Token
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.06
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
MITREへのリンク →
Score: 9.96
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
MITREへのリンク →
Score: 8.66
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 10.35
Matched TTPs:
- T1137.005 - Outlook Rules
- T1586.002 - Email Accounts
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1586.002 - Email Accounts
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 12.06
Matched TTPs:
- T1586.002 - Email Accounts
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1218.010 - Regsvr32
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 11.45
Matched TTPs:
- T1684 - Social Engineering
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1684 - Social Engineering
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.00
Matched TTPs:
- T1684 - Social Engineering
- T1686 - Disable or Modify System Firewall
MITREへのリンク →
Score: 5.05
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1547.011 - Plist Modification
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1134.002 - Create Process with Token
- T1218.012 - Verclsid
MITREへのリンク →
Score: 22.24
Matched TTPs:
- T1134.002 - Create Process with Token
- T1019 - System Firmware
- T1218.008 - Odbcconf
- T1045 - Software Packing
- T1619 - Cloud Storage Object Discovery
- T1157 - Dylib Hijacking
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 6.39
Matched TTPs:
- T1045 - Software Packing
- T1219.001 - IDE Tunneling
- T1159 - Launch Agent
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1045 - Software Packing
- T1157 - Dylib Hijacking
MITREへのリンク →
Score: 5.13
Matched TTPs:
- T1219.001 - IDE Tunneling
- T1218.012 - Verclsid
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 8.45
Matched TTPs:
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1070.009 - Clear Persistence
- T1505 - Server Software Component
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1174 - Password Filter DLL
- T1491.002 - External Defacement
- T1070.006 - Timestomp
- T1547.011 - Plist Modification
- T1132.001 - Standard Encoding
- T1157 - Dylib Hijacking
- T1055.005 - Thread Local Storage
- T1569.002 - Service Execution
- T1597 - Search Closed Sources
- T1070.009 - Clear Persistence
- T1134.002 - Create Process with Token
- T1089 - Disabling Security Tools
- T1218.012 - Verclsid
- T1218.010 - Regsvr32
- T1069.001 - Local Groups
- T1219.001 - IDE Tunneling
- T1606.002 - SAML Tokens
- T1587 - Develop Capabilities
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 0.68
Matched TTPs:
- T1218.012 - Verclsid
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1055.005 - Thread Local Storage
- T1092 - Communication Through Removable Media
- T1169 - Sudo
- T1218.010 - Regsvr32
- T1219.001 - IDE Tunneling
- T1159 - Launch Agent
- T1608 - Stage Capabilities
- T1136.001 - Local Account
- T1555.003 - Credentials from Web Browsers
- T1070.009 - Clear Persistence
- T1562.006 - Indicator Blocking
- T1566.002 - Spearphishing Link
- T1089 - Disabling Security Tools
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1157 - Dylib Hijacking
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1045 - Software Packing
- T1584.008 - Network Devices
- T1048 - Exfiltration Over Alternative Protocol
- T1218.010 - Regsvr32
- T1574.002 - DLL Side-Loading
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1564.003 - Hidden Window
- T1070.009 - Clear Persistence
- T1684 - Social Engineering
- T1002 - Data Compressed
- T1089 - Disabling Security Tools
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 0.60
Matched TTPs:
- T1134.002 - Create Process with Token
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1092 - Communication Through Removable Media
- T1557.003 - DHCP Spoofing
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1597 - Search Closed Sources
- T1140 - Deobfuscate/Decode Files or Information
- T1219.001 - IDE Tunneling
- T1608 - Stage Capabilities
- T1555.003 - Credentials from Web Browsers
- T1070.009 - Clear Persistence
- T1684 - Social Engineering
- T1566.002 - Spearphishing Link
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1562.004 - Disable or Modify System Firewall
- T1157 - Dylib Hijacking
- T1045 - Software Packing
- T1005 - Data from Local System
- T1557.003 - DHCP Spoofing
- T1218.010 - Regsvr32
- T1140 - Deobfuscate/Decode Files or Information
- T1586.002 - Email Accounts
- T1219.001 - IDE Tunneling
- T1555.003 - Credentials from Web Browsers
- T1070.009 - Clear Persistence
- T1134.002 - Create Process with Token
- T1566.002 - Spearphishing Link
- T1075 - Pass the Hash
- T1059.010 - AutoHotKey & AutoIT
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design