Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
Summary
The Warlock ransomware group has enhanced its attack chain with improved methods for persistence, lateral movement, and evasion. The group's primary targets were the technology, manufacturing, and government sectors, with the US, Germany, and Russia being the most affected countries. Warlock continues to exploit unpatched Microsoft SharePoint servers for initial access and has expanded its post-exploitation toolkit. New additions include TightVNC for persistent remote access, Yuze for establishing SOCKS5 connections, and a persistent BYOVD technique that exploits the NSec driver (NSecKrnl.sys) to terminate security products. The group also leverages Velociraptor, VS Code tunnels, and Cloudflare Tunnel for C&C communications.
Created: 2026-04-15
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 14.93
Matched TTPs:
- T1213.002 - Sharepoint
- T1558 - Steal or Forge Kerberos Tickets
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
Score: 23.99
Matched TTPs:
- T1213.002 - Sharepoint
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1593.003 - Code Repositories
- T1583.003 - Virtual Private Server
- T1068 - Exploitation for Privilege Escalation
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 27.92
Matched TTPs:
- T1213.002 - Sharepoint
- T1589 - Gather Victim Identity Information
- T1598.004 - Spearphishing Voice
- T1593.003 - Code Repositories
- T1583.003 - Virtual Private Server
- T1621 - Multi-Factor Authentication Request Generation
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1213.003 - Code Repositories
Score: 15.03
Matched TTPs:
- T1213.002 - Sharepoint
- T1114.001 - Local Email Collection
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1556.001 - Domain Controller Authentication
- T1018 - Remote System Discovery
Score: 30.83
Matched TTPs:
- T1213.002 - Sharepoint
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1059.003 - Windows Command Shell
- T1498 - Network Denial of Service
- T1137.002 - Office Test
Score: 17.21
Matched TTPs:
- T1213.002 - Sharepoint
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 6.51
Matched TTPs:
- T1583.008 - Malvertising
- T1608.001 - Upload Malware
Score: 5.88
Matched TTPs:
- T1003.002 - Security Account Manager
- T1036.003 - Rename Legitimate Utilities
Score: 13.03
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 27.97
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1218.005 - Mshta
- T1621 - Multi-Factor Authentication Request Generation
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1090.004 - Domain Fronting
- T1566.003 - Spearphishing via Service
Score: 15.94
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1134.003 - Make and Impersonate Token
- T1059.003 - Windows Command Shell
Score: 23.44
Matched TTPs:
- T1003.002 - Security Account Manager
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1598.002 - Spearphishing Attachment
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 10.12
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 31.01
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1546.008 - Accessibility Features
- T1059.004 - Unix Shell
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1595.003 - Wordlist Scanning
- T1213.003 - Code Repositories
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1596.005 - Scan Databases
Score: 13.09
Matched TTPs:
- T1003.002 - Security Account Manager
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1505.003 - Web Shell
- T1059.003 - Windows Command Shell
Score: 14.01
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 20.41
Matched TTPs:
- T1003.002 - Security Account Manager
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1053.002 - At
Score: 18.05
Matched TTPs:
- T1003.002 - Security Account Manager
- T1055 - Process Injection
- T1518.002 - Backup Software Discovery
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 28.81
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1095 - Non-Application Layer Protocol
- T1585 - Establish Accounts
- T1595.001 - Scanning IP Blocks
- T1018 - Remote System Discovery
- T1588.005 - Exploits
Score: 25.31
Matched TTPs:
- T1583.002 - DNS Server
- T1114.001 - Local Email Collection
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1059.004 - Unix Shell
- T1078 - Valid Accounts
- T1608.003 - Install Digital Certificate
- T1027.004 - Compile After Delivery
Score: 12.55
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1583.003 - Virtual Private Server
- T1078 - Valid Accounts
Score: 16.66
Matched TTPs:
- T1583.002 - DNS Server
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1534 - Internal Spearphishing
- T1018 - Remote System Discovery
- T1518 - Software Discovery
Score: 6.34
Matched TTPs:
- T1114.001 - Local Email Collection
- T1587.001 - Malware
- T1059.003 - Windows Command Shell
Score: 4.24
Matched TTPs:
- T1114.001 - Local Email Collection
- T1059.003 - Windows Command Shell
Score: 27.94
Matched TTPs:
- T1114.001 - Local Email Collection
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1591.001 - Determine Physical Locations
- T1566.003 - Spearphishing via Service
Score: 11.85
Matched TTPs:
- T1114.001 - Local Email Collection
- T1190 - Exploit Public-Facing Application
- T1583.003 - Virtual Private Server
- T1584.006 - Web Services
- T1059.003 - Windows Command Shell
Score: 37.44
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1218.005 - Mshta
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1593.001 - Social Media
- T1585 - Establish Accounts
- T1059.003 - Windows Command Shell
- T1588.005 - Exploits
Score: 13.91
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1583.003 - Virtual Private Server
- T1486 - Data Encrypted for Impact
- T1566.003 - Spearphishing via Service
Score: 10.15
Matched TTPs:
- T1587.001 - Malware
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 16.76
Matched TTPs:
- T1587.001 - Malware
- T1562.004 - Disable or Modify System Firewall
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1566.003 - Spearphishing via Service
Score: 28.76
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1593.003 - Code Repositories
- T1583.003 - Virtual Private Server
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
- T1593.001 - Social Media
- T1585 - Establish Accounts
- T1059.003 - Windows Command Shell
- T1566.003 - Spearphishing via Service
Score: 15.17
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1059.003 - Windows Command Shell
- T1566.003 - Spearphishing via Service
Score: 17.68
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
Score: 10.95
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1608.005 - Link Target
Score: 23.74
Matched TTPs:
- T1587.001 - Malware
- T1586.001 - Social Media Accounts
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1499 - Endpoint Denial of Service
- T1018 - Remote System Discovery
Score: 5.91
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
Score: 9.28
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 5.13
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
Score: 7.67
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
Score: 18.70
Matched TTPs:
- T1587.001 - Malware
- T1584.003 - Virtual Private Server
- T1055 - Process Injection
- T1562.001 - Disable or Modify Tools
- T1584.006 - Web Services
- T1068 - Exploitation for Privilege Escalation
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 30.25
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1505.003 - Web Shell
- T1176.002 - IDE Extensions
- T1218.005 - Mshta
- T1052.001 - Exfiltration over USB
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1518 - Software Discovery
Score: 16.13
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1562.004 - Disable or Modify System Firewall
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1595.001 - Scanning IP Blocks
Score: 24.56
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
Score: 37.51
Matched TTPs:
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1589 - Gather Victim Identity Information
- T1598.004 - Spearphishing Voice
- T1621 - Multi-Factor Authentication Request Generation
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1486 - Data Encrypted for Impact
- T1556.009 - Conditional Access Policies
- T1213.003 - Code Repositories
- T1018 - Remote System Discovery
Score: 14.82
Matched TTPs:
- T1484.002 - Trust Modification
- T1190 - Exploit Public-Facing Application
- T1486 - Data Encrypted for Impact
- T1218.010 - Regsvr32
- T1556.009 - Conditional Access Policies
Score: 18.19
Matched TTPs:
- T1586.001 - Social Media Accounts
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1534 - Internal Spearphishing
- T1078 - Valid Accounts
- T1218.010 - Regsvr32
- T1027.003 - Steganography
Score: 11.17
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1518 - Software Discovery
Score: 7.73
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1078 - Valid Accounts
Score: 5.51
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1068 - Exploitation for Privilege Escalation
- T1059.003 - Windows Command Shell
Score: 24.55
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1218.005 - Mshta
- T1068 - Exploitation for Privilege Escalation
- T1218.010 - Regsvr32
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 12.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1598.002 - Spearphishing Attachment
- T1078 - Valid Accounts
Score: 12.89
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1584.006 - Web Services
- T1566.003 - Spearphishing via Service
Score: 3.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.003 - Windows Command Shell
Score: 26.02
Matched TTPs:
- T1584.003 - Virtual Private Server
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1059.004 - Unix Shell
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1518 - Software Discovery
- T1596.005 - Scan Databases
Score: 24.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1583.003 - Virtual Private Server
- T1218.005 - Mshta
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1095 - Non-Application Layer Protocol
- T1027.004 - Compile After Delivery
- T1059.003 - Windows Command Shell
Score: 3.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.003 - Windows Command Shell
Score: 15.67
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1505.003 - Web Shell
- T1052.001 - Exfiltration over USB
- T1027.003 - Steganography
- T1059.003 - Windows Command Shell
- T1518 - Software Discovery
Score: 8.57
Matched TTPs:
- T1608.001 - Upload Malware
- T1055 - Process Injection
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
Score: 16.73
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1218.005 - Mshta
- T1210 - Exploitation of Remote Services
- T1584.006 - Web Services
- T1027.003 - Steganography
- T1018 - Remote System Discovery
Score: 5.27
Matched TTPs:
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1059.003 - Windows Command Shell
Score: 10.68
Matched TTPs:
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1518 - Software Discovery
Score: 7.07
Matched TTPs:
- T1608.001 - Upload Malware
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
Score: 26.82
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1134.003 - Make and Impersonate Token
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 6.73
Matched TTPs:
- T1608.001 - Upload Malware
- T1068 - Exploitation for Privilege Escalation
- T1095 - Non-Application Layer Protocol
Score: 4.72
Matched TTPs:
- T1608.001 - Upload Malware
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
Score: 8.34
Matched TTPs:
- T1608.001 - Upload Malware
- T1593.001 - Social Media
- T1566.003 - Spearphishing via Service
Score: 4.50
Matched TTPs:
- T1608.001 - Upload Malware
- T1583.003 - Virtual Private Server
Score: 13.60
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1018 - Remote System Discovery
Score: 5.90
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1095 - Non-Application Layer Protocol
Score: 18.17
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1650 - Acquire Access
- T1018 - Remote System Discovery
Score: 16.63
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1210 - Exploitation of Remote Services
- T1078 - Valid Accounts
- T1585 - Establish Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 3.85
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
Score: 11.50
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 5.17
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1218.010 - Regsvr32
- T1059.003 - Windows Command Shell
Score: 7.37
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1595.003 - Wordlist Scanning
Score: 7.99
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
Score: 18.71
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1218.005 - Mshta
- T1210 - Exploitation of Remote Services
- T1562.001 - Disable or Modify Tools
- T1027.003 - Steganography
- T1027.004 - Compile After Delivery
- T1059.003 - Windows Command Shell
- T1518 - Software Discovery
Score: 6.20
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1018 - Remote System Discovery
Score: 17.28
Matched TTPs:
- T1055 - Process Injection
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
Score: 6.38
Matched TTPs:
- T1055 - Process Injection
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 8.25
Matched TTPs:
- T1055 - Process Injection
- T1068 - Exploitation for Privilege Escalation
- T1218.010 - Regsvr32
- T1059.003 - Windows Command Shell
Score: 6.45
Matched TTPs:
- T1055 - Process Injection
- T1027.003 - Steganography
- T1059.003 - Windows Command Shell
Score: 9.43
Matched TTPs:
- T1055 - Process Injection
- T1562.004 - Disable or Modify System Firewall
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
Score: 7.22
Matched TTPs:
- T1055 - Process Injection
- T1068 - Exploitation for Privilege Escalation
- T1095 - Non-Application Layer Protocol
Score: 3.77
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1078 - Valid Accounts
Score: 9.34
Matched TTPs:
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1218.010 - Regsvr32
- T1018 - Remote System Discovery
Score: 6.61
Matched TTPs:
- T1505.003 - Web Shell
- T1210 - Exploitation of Remote Services
- T1068 - Exploitation for Privilege Escalation
Score: 6.08
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1018 - Remote System Discovery
Score: 8.45
Matched TTPs:
- T1546.008 - Accessibility Features
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 8.67
Matched TTPs:
- T1542.002 - Component Firmware
- T1564.005 - Hidden File System
Score: 7.83
Matched TTPs:
- T1218.005 - Mshta
- T1218.010 - Regsvr32
- T1518 - Software Discovery
Score: 9.08
Matched TTPs:
- T1218.005 - Mshta
- T1218.010 - Regsvr32
- T1027.003 - Steganography
- T1059.003 - Windows Command Shell
Score: 5.58
Matched TTPs:
- T1059.004 - Unix Shell
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
Score: 13.00
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 13.92
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.003 - Steganography
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1518 - Software Discovery
- T1053.002 - At
Score: 8.36
Matched TTPs:
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 6.22
Matched TTPs:
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1053.002 - At
Score: 3.52
Matched TTPs:
- T1078 - Valid Accounts
- T1068 - Exploitation for Privilege Escalation
Score: 5.82
Matched TTPs:
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1566.003 - Spearphishing via Service
Score: 3.62
Matched TTPs:
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
Score: 3.03
Matched TTPs:
- T1027.003 - Steganography
Score: 3.44
Matched TTPs:
- T1585 - Establish Accounts
Score: 3.48
Matched TTPs:
- T1059.003 - Windows Command Shell
- T1566.003 - Spearphishing via Service
Score: 4.13
Matched TTPs:
- T1564.005 - Hidden File System
Score: 5.27
Matched TTPs:
- T1518 - Software Discovery
- T1566.003 - Spearphishing via Service
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1068 - Exploitation for Privilege Escalation
- T1598.003 - Spearphishing Link
- T1078 - Valid Accounts
- T1213.003 - Code Repositories
- T1589 - Gather Victim Identity Information
- T1621 - Multi-Factor Authentication Request Generation
- T1486 - Data Encrypted for Impact
- T1059.004 - Unix Shell
- T1484.002 - Trust Modification
- T1018 - Remote System Discovery
- T1562.001 - Disable or Modify Tools
- T1556.009 - Conditional Access Policies
- T1598.004 - Spearphishing Voice
Score: 0.70
Matched TTPs:
- T1588.005 - Exploits
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1059.003 - Windows Command Shell
- T1505.003 - Web Shell
- T1190 - Exploit Public-Facing Application
- T1055 - Process Injection
- T1593.001 - Social Media
- T1534 - Internal Spearphishing
- T1585 - Establish Accounts
- T1562.001 - Disable or Modify Tools
- T1562.004 - Disable or Modify System Firewall
- T1218.005 - Mshta
- T1218.010 - Regsvr32
- T1608.001 - Upload Malware
Score: 0.58
Matched TTPs:
- T1595.003 - Wordlist Scanning
- T1546.008 - Accessibility Features
- T1059.003 - Windows Command Shell
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1003.002 - Security Account Manager
- T1055 - Process Injection
- T1486 - Data Encrypted for Impact
- T1213.003 - Code Repositories
- T1059.004 - Unix Shell
- T1018 - Remote System Discovery
- T1596.005 - Scan Databases
Score: 0.58
Matched TTPs:
- T1213.002 - Sharepoint
- T1583.003 - Virtual Private Server
- T1210 - Exploitation of Remote Services
- T1068 - Exploitation for Privilege Escalation
- T1598.003 - Spearphishing Link
- T1059.003 - Windows Command Shell
- T1505.003 - Web Shell
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1498 - Network Denial of Service
- T1091 - Replication Through Removable Media
- T1137.002 - Office Test
Score: 0.56
Matched TTPs:
- T1518 - Software Discovery
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1059.003 - Windows Command Shell
- T1095 - Non-Application Layer Protocol
- T1505.003 - Web Shell
- T1018 - Remote System Discovery
- T1091 - Replication Through Removable Media
- T1176.002 - IDE Extensions
- T1218.005 - Mshta
- T1052.001 - Exfiltration over USB
- T1608.001 - Upload Malware
Related CVEs
No CVEs were found for this Pulse.