Unmasking an Attack Chain of MuddyWater
概要
An intrusion attributed to MuddyWater, an Iranian-linked APT, was identified in a customer environment. The attack involved initial access through RDP, establishing an SSH tunnel, and deploying malware via DLL side-loading. The threat actor used FMAPP.exe, a legitimate Fortemedia Inc. application, to load a malicious FMAPP.dll for C2 communications. The timeline of activities revealed typos in commands, suggesting manual typing by the attacker. The intrusion included reconnaissance efforts, attempts to verify tunnel functionality, and issues with initial C2 communication. The attack targeted an Israeli company, aligning with known MuddyWater tactics.
Created: 2026-03-09
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 56.64
Matched TTPs:
- T1027.009 - Embedded Payloads
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1010 - Application Window Discovery
- T1585.002 - Email Accounts
- T1090.002 - External Proxy
- T1589.002 - Email Addresses
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1574.013 - KernelCallbackTable
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1027.007 - Dynamic API Resolution
- T1124 - System Time Discovery
- T1055.001 - Dynamic-link Library Injection
- T1566.003 - Spearphishing via Service
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 5.20
Matched TTPs:
- T1027.009 - Embedded Payloads
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 23.21
Matched TTPs:
- T1027.009 - Embedded Payloads
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1585.002 - Email Accounts
- T1589.002 - Email Addresses
- T1486 - Data Encrypted for Impact
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 9.47
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1203 - Exploitation for Client Execution
- T1518 - Software Discovery
MITREへのリンク →
Score: 8.86
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1083 - File and Directory Discovery
- T1218.001 - Compiled HTML File
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 4.45
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 8.55
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
MITREへのリンク →
Score: 4.45
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 39.63
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1210 - Exploitation of Remote Services
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1498 - Network Denial of Service
- T1137.002 - Office Test
- T1204.001 - Malicious Link
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 9.54
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1083 - File and Directory Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1053.002 - At
MITREへのリンク →
Score: 22.10
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1534 - Internal Spearphishing
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 21.24
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1203 - Exploitation for Client Execution
- T1518 - Software Discovery
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
MITREへのリンク →
Score: 26.14
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1546.010 - AppInit DLLs
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 10.74
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1589.002 - Email Addresses
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 5.87
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 5.06
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 20.69
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1553.005 - Mark-of-the-Web Bypass
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1204.001 - Malicious Link
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 11.91
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 19.99
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1210 - Exploitation of Remote Services
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 26.86
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1053.002 - At
MITREへのリンク →
Score: 14.27
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1016.001 - Internet Connection Discovery
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 6.09
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1140 - Deobfuscate/Decode Files or Information
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 33.75
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1016.001 - Internet Connection Discovery
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 14.30
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1486 - Data Encrypted for Impact
- T1566.004 - Spearphishing Voice
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 13.79
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
- T1134 - Access Token Manipulation
- T1574.012 - COR_PROFILER
MITREへのリンク →
Score: 22.38
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1052.001 - Exfiltration over USB
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1518 - Software Discovery
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 31.57
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1585.002 - Email Accounts
- T1593.003 - Code Repositories
- T1090 - Proxy
- T1204.005 - Malicious Library
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
- T1204.004 - Malicious Copy and Paste
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1574.001 - DLL
MITREへのリンク →
Score: 25.12
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
MITREへのリンク →
Score: 23.16
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1219 - Remote Access Tools
- T1595.002 - Vulnerability Scanning
- T1610 - Deploy Container
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
MITREへのリンク →
Score: 6.32
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1562.001 - Disable or Modify Tools
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 35.44
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1219 - Remote Access Tools
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1218.001 - Compiled HTML File
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 32.38
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1027.016 - Junk Code Insertion
- T1589.002 - Email Addresses
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1036.003 - Rename Legitimate Utilities
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 29.39
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1583.002 - DNS Server
- T1608.001 - Upload Malware
- T1010 - Application Window Discovery
- T1585.002 - Email Accounts
- T1589.002 - Email Addresses
- T1049 - System Network Connections Discovery
- T1534 - Internal Spearphishing
- T1110 - Brute Force
- T1018 - Remote System Discovery
- T1518 - Software Discovery
MITREへのリンク →
Score: 38.20
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1546.008 - Accessibility Features
- T1553.005 - Mark-of-the-Web Bypass
- T1218.005 - Mshta
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1027.006 - HTML Smuggling
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 37.64
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1559.001 - Component Object Model
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1027.016 - Junk Code Insertion
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 14.10
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1134 - Access Token Manipulation
- T1018 - Remote System Discovery
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 24.07
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1134.003 - Make and Impersonate Token
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 19.04
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1589.002 - Email Addresses
- T1593.003 - Code Repositories
- T1083 - File and Directory Discovery
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 29.91
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1055 - Process Injection
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
- T1055.001 - Dynamic-link Library Injection
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 40.17
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1070.007 - Clear Network Connection History and Configurations
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1010 - Application Window Discovery
- T1505.003 - Web Shell
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1518 - Software Discovery
- T1596.005 - Scan Databases
- T1124 - System Time Discovery
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 10.79
Matched TTPs:
- T1016.001 - Internet Connection Discovery
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 11.16
Matched TTPs:
- T1583.008 - Malvertising
- T1608.001 - Upload Malware
- T1583.004 - Server
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 8.97
Matched TTPs:
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1036.003 - Rename Legitimate Utilities
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 21.58
Matched TTPs:
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.004 - Server
- T1090.002 - External Proxy
- T1049 - System Network Connections Discovery
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 30.53
Matched TTPs:
- T1003.002 - Security Account Manager
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1598.002 - Spearphishing Attachment
- T1071.002 - File Transfer Protocols
- T1210 - Exploitation of Remote Services
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 17.57
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1078 - Valid Accounts
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 13.26
Matched TTPs:
- T1003.002 - Security Account Manager
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 49.38
Matched TTPs:
- T1003.002 - Security Account Manager
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1595.002 - Vulnerability Scanning
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1071.002 - File Transfer Protocols
- T1218.001 - Compiled HTML File
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1203 - Exploitation for Client Execution
- T1595.003 - Wordlist Scanning
- T1213.003 - Code Repositories
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1596.005 - Scan Databases
MITREへのリンク →
Score: 16.55
Matched TTPs:
- T1003.002 - Security Account Manager
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1070.004 - File Deletion
MITREへのリンク →
Score: 25.05
Matched TTPs:
- T1003.002 - Security Account Manager
- T1055 - Process Injection
- T1518.002 - Backup Software Discovery
- T1585.002 - Email Accounts
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 23.75
Matched TTPs:
- T1003.002 - Security Account Manager
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1210 - Exploitation of Remote Services
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 22.29
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1608.003 - Install Digital Certificate
- T1584.002 - DNS Server
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 11.52
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 44.59
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1583.004 - Server
- T1585.002 - Email Accounts
- T1027.016 - Junk Code Insertion
- T1589.002 - Email Addresses
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1071.002 - File Transfer Protocols
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 11.49
Matched TTPs:
- T1587.001 - Malware
- T1585.002 - Email Accounts
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 17.69
Matched TTPs:
- T1587.001 - Malware
- T1070.007 - Clear Network Connection History and Configurations
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1124 - System Time Discovery
MITREへのリンク →
Score: 12.31
Matched TTPs:
- T1587.001 - Malware
- T1574.001 - DLL
- T1608.001 - Upload Malware
- T1083 - File and Directory Discovery
- T1608.005 - Link Target
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 47.91
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1195 - Supply Chain Compromise
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1583.004 - Server
- T1585.002 - Email Accounts
- T1589.002 - Email Addresses
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1203 - Exploitation for Client Execution
- T1499 - Endpoint Denial of Service
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 8.10
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1602.002 - Network Device Configuration Dump
MITREへのリンク →
Score: 11.01
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 4.89
Matched TTPs:
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1587.001 - Malware
- T1083 - File and Directory Discovery
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 56.94
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1176.002 - IDE Extensions
- T1027.016 - Junk Code Insertion
- T1219.001 - IDE Tunneling
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1678 - Delay Execution
- T1052.001 - Exfiltration over USB
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1518 - Software Discovery
- T1027.007 - Dynamic API Resolution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 34.32
Matched TTPs:
- T1587.001 - Malware
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1546.011 - Application Shimming
- T1027.016 - Junk Code Insertion
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
MITREへのリンク →
Score: 30.82
Matched TTPs:
- T1652 - Device Driver Discovery
- T1559.001 - Component Object Model
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1650 - Acquire Access
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 38.12
Matched TTPs:
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1070.008 - Clear Mailbox Data
- T1598.004 - Spearphishing Voice
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1204 - User Execution
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1213.003 - Code Repositories
- T1018 - Remote System Discovery
- T1538 - Cloud Service Dashboard
MITREへのリンク →
Score: 10.47
Matched TTPs:
- T1484.002 - Trust Modification
- T1190 - Exploit Public-Facing Application
- T1110 - Brute Force
- T1486 - Data Encrypted for Impact
MITREへのリンク →
Score: 12.54
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1585.002 - Email Accounts
- T1589.002 - Email Addresses
- T1608.005 - Link Target
- T1078 - Valid Accounts
MITREへのリンク →
Score: 11.26
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
MITREへのリンク →
Score: 11.76
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1585.002 - Email Accounts
- T1598.002 - Spearphishing Attachment
- T1078 - Valid Accounts
MITREへのリンク →
Score: 14.91
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1583.004 - Server
- T1585.002 - Email Accounts
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 9.73
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1574.001 - DLL
- T1083 - File and Directory Discovery
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 37.23
Matched TTPs:
- T1559.001 - Component Object Model
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1218.003 - CMSTP
- T1090.002 - External Proxy
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1027.004 - Compile After Delivery
- T1518 - Software Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 11.71
Matched TTPs:
- T1574.001 - DLL
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1124 - System Time Discovery
MITREへのリンク →
Score: 8.54
Matched TTPs:
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
- T1078 - Valid Accounts
MITREへのリンク →
Score: 16.09
Matched TTPs:
- T1574.001 - DLL
- T1055 - Process Injection
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1090.001 - Internal Proxy
- T1211 - Exploitation for Defense Evasion
MITREへのリンク →
Score: 10.49
Matched TTPs:
- T1574.001 - DLL
- T1505.003 - Web Shell
- T1090.002 - External Proxy
- T1210 - Exploitation of Remote Services
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 7.50
Matched TTPs:
- T1574.001 - DLL
- T1595.002 - Vulnerability Scanning
- T1562.001 - Disable or Modify Tools
- T1070.004 - File Deletion
MITREへのリンク →
Score: 4.48
Matched TTPs:
- T1574.001 - DLL
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 24.69
Matched TTPs:
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1583.004 - Server
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1210 - Exploitation of Remote Services
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 20.00
Matched TTPs:
- T1574.001 - DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1562.001 - Disable or Modify Tools
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1518 - Software Discovery
- T1124 - System Time Discovery
- T1053.002 - At
MITREへのリンク →
Score: 16.58
Matched TTPs:
- T1574.001 - DLL
- T1090.002 - External Proxy
- T1546.008 - Accessibility Features
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 6.06
Matched TTPs:
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 12.42
Matched TTPs:
- T1574.001 - DLL
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1518 - Software Discovery
MITREへのリンク →
Score: 3.28
Matched TTPs:
- T1574.001 - DLL
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 9.63
Matched TTPs:
- T1574.001 - DLL
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1055.001 - Dynamic-link Library Injection
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 4.65
Matched TTPs:
- T1218.007 - Msiexec
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 38.96
Matched TTPs:
- T1218.007 - Msiexec
- T1140 - Deobfuscate/Decode Files or Information
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1553.005 - Mark-of-the-Web Bypass
- T1218.005 - Mshta
- T1218.001 - Compiled HTML File
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1036.003 - Rename Legitimate Utilities
- T1565.002 - Transmitted Data Manipulation
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 11.19
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1564.005 - Hidden File System
- T1090.001 - Internal Proxy
MITREへのリンク →
Score: 3.36
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 8.29
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1083 - File and Directory Discovery
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 24.44
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1134.003 - Make and Impersonate Token
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 11.38
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 12.16
Matched TTPs:
- T1608.001 - Upload Malware
- T1585.002 - Email Accounts
- T1589.002 - Email Addresses
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 8.39
Matched TTPs:
- T1608.001 - Upload Malware
- T1070.008 - Clear Mailbox Data
- T1585.002 - Email Accounts
MITREへのリンク →
Score: 4.06
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
MITREへのリンク →
Score: 8.57
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 9.96
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1595.002 - Vulnerability Scanning
- T1505.003 - Web Shell
- T1595.003 - Wordlist Scanning
MITREへのリンク →
Score: 12.74
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1219 - Remote Access Tools
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1070.004 - File Deletion
MITREへのリンク →
Score: 14.23
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1219 - Remote Access Tools
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 5.12
Matched TTPs:
- T1219 - Remote Access Tools
- T1110 - Brute Force
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1219 - Remote Access Tools
- T1078 - Valid Accounts
MITREへのリンク →
Score: 13.42
Matched TTPs:
- T1219 - Remote Access Tools
- T1055 - Process Injection
- T1218.003 - CMSTP
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 12.99
Matched TTPs:
- T1055 - Process Injection
- T1090.002 - External Proxy
- T1218.001 - Compiled HTML File
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1055 - Process Injection
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 7.00
Matched TTPs:
- T1055 - Process Injection
- T1056.004 - Credential API Hooking
MITREへのリンク →
Score: 6.59
Matched TTPs:
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1585.002 - Email Accounts
- T1049 - System Network Connections Discovery
MITREへのリンク →
Score: 9.62
Matched TTPs:
- T1090.002 - External Proxy
- T1110 - Brute Force
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1589.002 - Email Addresses
- T1218.005 - Mshta
MITREへのリンク →
Score: 26.38
Matched TTPs:
- T1589.002 - Email Addresses
- T1598.004 - Spearphishing Voice
- T1593.003 - Code Repositories
- T1090 - Proxy
- T1204 - User Execution
- T1078 - Valid Accounts
- T1584.002 - DNS Server
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 7.38
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1083 - File and Directory Discovery
- T1018 - Remote System Discovery
MITREへのリンク →
Score: 6.39
Matched TTPs:
- T1090 - Proxy
- T1083 - File and Directory Discovery
- T1518 - Software Discovery
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1090 - Proxy
- T1078 - Valid Accounts
MITREへのリンク →
Score: 4.53
Matched TTPs:
- T1083 - File and Directory Discovery
- T1049 - System Network Connections Discovery
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 6.49
Matched TTPs:
- T1083 - File and Directory Discovery
- T1218.005 - Mshta
- T1203 - Exploitation for Client Execution
- T1204.001 - Malicious Link
MITREへのリンク →
Score: 3.23
Matched TTPs:
- T1049 - System Network Connections Discovery
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1071.002 - File Transfer Protocols
MITREへのリンク →
Score: 12.51
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1134 - Access Token Manipulation
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 5.47
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1070.004 - File Deletion
- T1124 - System Time Discovery
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
MITREへのリンク →
Score: 6.63
Matched TTPs:
- T1518 - Software Discovery
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1518 - Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1598.003 - Spearphishing Link
- T1070.004 - File Deletion
- T1608.001 - Upload Malware
- T1587.001 - Malware
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1585.002 - Email Accounts
- T1052.001 - Exfiltration over USB
- T1049 - System Network Connections Discovery
- T1027.016 - Junk Code Insertion
- T1678 - Delay Execution
- T1176.002 - IDE Extensions
- T1027.007 - Dynamic API Resolution
- T1505.003 - Web Shell
- T1219.001 - IDE Tunneling
- T1203 - Exploitation for Client Execution
- T1218.005 - Mshta
- T1027.012 - LNK Icon Smuggling
- T1574.001 - DLL
MITREへのリンク →
Score: 0.70
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1574.013 - KernelCallbackTable
- T1070.004 - File Deletion
- T1078 - Valid Accounts
- T1587.001 - Malware
- T1010 - Application Window Discovery
- T1027.009 - Embedded Payloads
- T1036.003 - Rename Legitimate Utilities
- T1585.002 - Email Accounts
- T1055.001 - Dynamic-link Library Injection
- T1566.003 - Spearphishing via Service
- T1049 - System Network Connections Discovery
- T1090.001 - Internal Proxy
- T1562.001 - Disable or Modify Tools
- T1589.002 - Email Addresses
- T1027.007 - Dynamic API Resolution
- T1124 - System Time Discovery
- T1027.013 - Encrypted/Encoded File
- T1203 - Exploitation for Client Execution
- T1218.005 - Mshta
- T1574.001 - DLL
- T1090.002 - External Proxy
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1595.003 - Wordlist Scanning
- T1070.004 - File Deletion
- T1090 - Proxy
- T1596.005 - Scan Databases
- T1078 - Valid Accounts
- T1003.002 - Security Account Manager
- T1018 - Remote System Discovery
- T1546.008 - Accessibility Features
- T1055 - Process Injection
- T1049 - System Network Connections Discovery
- T1110 - Brute Force
- T1486 - Data Encrypted for Impact
- T1071.002 - File Transfer Protocols
- T1213.003 - Code Repositories
- T1218.001 - Compiled HTML File
- T1595.002 - Vulnerability Scanning
- T1203 - Exploitation for Client Execution
- T1574.001 - DLL
MITREへのリンク →
Score: 0.59
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1190 - Exploit Public-Facing Application
- T1083 - File and Directory Discovery
- T1598.003 - Spearphishing Link
- T1070.004 - File Deletion
- T1090 - Proxy
- T1078 - Valid Accounts
- T1195 - Supply Chain Compromise
- T1608.001 - Upload Malware
- T1587.001 - Malware
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1585.002 - Email Accounts
- T1583.004 - Server
- T1499 - Endpoint Denial of Service
- T1219 - Remote Access Tools
- T1049 - System Network Connections Discovery
- T1486 - Data Encrypted for Impact
- T1589.002 - Email Addresses
- T1505.003 - Web Shell
- T1595.002 - Vulnerability Scanning
- T1203 - Exploitation for Client Execution
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design