Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
Overview
The Russian-aligned cyber espionage group Pawn Storm has launched a new campaign using the PRISMEX malware suite to target Ukrainian defense and Western military aid infrastructure. The campaign exploits vulnerabilities CVE-2026-21509 and CVE-2026-21513, using advanced steganography, COM hijacking, and cloud service abuse for command and control. PRISMEX components include a dropper, steganography loader, and Covenant Grunt implant. The attacks focus on compromising the Ukrainian defense supply chain, including military allies, meteorological data providers, and transport hubs. The campaign demonstrates Pawn Storm's continued aggression and ability to rapidly weaponize vulnerabilities, posing a significant threat to government and critical infrastructure entities in Central and Eastern Europe.
Created: 2026-04-26
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 26.51
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1136.003 - Cloud Account
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 51.27
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1041 - Exfiltration Over C2 Channel
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1197 - BITS Jobs
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
Score: 19.79
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1685 - Disable or Modify Tools
- T1059.013 - Container CLI/API
Score: 25.95
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 9.64
Matched TTPs:
- T1682 - Query Public AI Services
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 9.00
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 15.64
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 44.22
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1181 - Extra Window Memory Injection
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1218.012 - Verclsid
- T1556.008 - Network Provider DLL
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 18.55
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
- T1199 - Trusted Relationship
- T1668 - Exclusive Control
Score: 30.84
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 18.08
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 9.92
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
Score: 37.16
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 12.10
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
Score: 14.42
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
Score: 16.96
Matched TTPs:
- T1584.008 - Network Devices
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 19.31
Matched TTPs:
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 24.58
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1003.003 - NTDS
Score: 18.87
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1175 - Component Object Model and Distributed COM
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
Score: 11.72
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 24.51
Matched TTPs:
- T1606.002 - SAML Tokens
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
Score: 27.09
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1574.014 - AppDomainManager
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 21.87
Matched TTPs:
- T1606.002 - SAML Tokens
- T1556.002 - Password Filter DLL
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1203 - Exploitation for Client Execution
Score: 10.12
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
Score: 29.52
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 6.76
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Score: 9.18
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 3.46
Matched TTPs:
- T1606.002 - SAML Tokens
- T1027.018 - Invisible Unicode
Score: 6.76
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1199 - Trusted Relationship
Score: 24.88
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 23.94
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1071.003 - Mail Protocols
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
Score: 21.56
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 45.02
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1556.008 - Network Provider DLL
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1090.004 - Domain Fronting
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
Score: 14.60
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1090.004 - Domain Fronting
Score: 9.78
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
Score: 10.09
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1584.005 - Botnet
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 15.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1039 - Data from Network Shared Drive
- T1197 - BITS Jobs
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
Score: 29.06
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 30.66
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1592.003 - Firmware
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 30.20
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 14.77
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1657 - Financial Theft
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 10.79
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1098.007 - Additional Local or Domain Groups
- T1175 - Component Object Model and Distributed COM
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 9.27
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1199 - Trusted Relationship
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
Score: 17.76
Matched TTPs:
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1175 - Component Object Model and Distributed COM
- T1049 - System Network Connections Discovery
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
Score: 8.48
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 10.51
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 17.09
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1592.003 - Firmware
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1665 - Hide Infrastructure
Score: 19.67
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 33.13
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1556.002 - Password Filter DLL
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1488 - Disk Content Wipe
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 9.37
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1668 - Exclusive Control
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
Score: 12.30
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 7.19
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
Score: 24.73
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1175 - Component Object Model and Distributed COM
- T1218.012 - Verclsid
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1203 - Exploitation for Client Execution
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 7.94
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 9.84
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 24.10
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1175 - Component Object Model and Distributed COM
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 9.10
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
Score: 16.69
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1055.014 - VDSO Hijacking
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
Score: 5.13
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 11.22
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 6.86
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1098.007 - Additional Local or Domain Groups
- T1175 - Component Object Model and Distributed COM
- T1199 - Trusted Relationship
Score: 10.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
Score: 6.72
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1203 - Exploitation for Client Execution
Score: 3.68
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
Score: 16.30
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
Score: 10.24
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 3.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 15.11
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
Score: 11.23
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1175 - Component Object Model and Distributed COM
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 21.04
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1055.014 - VDSO Hijacking
- T1157 - Dylib Hijacking
- T1488 - Disk Content Wipe
- T1592.003 - Firmware
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 8.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1002 - Data Compressed
Score: 9.62
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
Score: 14.09
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1175 - Component Object Model and Distributed COM
- T1049 - System Network Connections Discovery
- T1157 - Dylib Hijacking
- T1059.012 - Hypervisor CLI
Score: 13.17
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 9.17
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 11.64
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 11.77
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1196 - Control Panel Items
- T1199 - Trusted Relationship
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
Score: 4.64
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 28.85
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 6.27
Matched TTPs:
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 6.76
Matched TTPs:
- T1684 - Social Engineering
- T1199 - Trusted Relationship
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
Score: 4.22
Matched TTPs:
- T1684 - Social Engineering
- T1059.012 - Hypervisor CLI
Score: 8.33
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Score: 8.99
Matched TTPs:
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1059.012 - Hypervisor CLI
Score: 25.08
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1175 - Component Object Model and Distributed COM
- T1556.008 - Network Provider DLL
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1592.003 - Firmware
- T1564.003 - Hidden Window
Score: 4.61
Matched TTPs:
- T1009 - Binary Padding
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
Score: 8.69
Matched TTPs:
- T1101 - Security Support Provider
- T1199 - Trusted Relationship
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 10.59
Matched TTPs:
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 4.83
Matched TTPs:
- T1177 - LSASS Driver
- T1134 - Access Token Manipulation
Score: 3.50
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
Score: 4.13
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1199 - Trusted Relationship
- T1134 - Access Token Manipulation
Score: 8.70
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1665 - Hide Infrastructure
Score: 3.19
Matched TTPs:
- T1218.012 - Verclsid
- T1199 - Trusted Relationship
Score: 6.53
Matched TTPs:
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
Score: 3.62
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
Score: 3.37
Matched TTPs:
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
Score: 9.61
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 12.90
Matched TTPs:
- T1199 - Trusted Relationship
- T1597 - Search Closed Sources
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1203 - Exploitation for Client Execution
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
Score: 6.34
Matched TTPs:
- T1199 - Trusted Relationship
- T1097 - Pass the Ticket
- T1157 - Dylib Hijacking
- T1134 - Access Token Manipulation
Score: 5.73
Matched TTPs:
- T1199 - Trusted Relationship
- T1157 - Dylib Hijacking
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
Score: 3.52
Matched TTPs:
- T1199 - Trusted Relationship
- T1203 - Exploitation for Client Execution
Score: 5.65
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 4.29
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1041 - Exfiltration Over C2 Channel
- T1566.002 - Spearphishing Link
- T1665 - Hide Infrastructure
- T1690 - Prevent Command History Logging
- T1668 - Exclusive Control
- T1098.007 - Additional Local or Domain Groups
- T1091 - Replication Through Removable Media
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1684 - Social Engineering
- T1055.014 - VDSO Hijacking
- T1009 - Binary Padding
- T1003.007 - Proc Filesystem
- T1027.018 - Invisible Unicode
- T1597 - Search Closed Sources
- T1218.012 - Verclsid
- T1003.003 - NTDS
- T1140 - Deobfuscate/Decode Files or Information
- T1037 - Boot or Logon Initialization Scripts
- T1197 - BITS Jobs
Score: 0.61
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1027.002 - Software Packing
- T1566.002 - Spearphishing Link
- T1134 - Access Token Manipulation
- T1019 - System Firmware
- T1547.005 - Security Support Provider
- T1564.003 - Hidden Window
- T1098.007 - Additional Local or Domain Groups
- T1197 - BITS Jobs
- T1685.004 - Disable or Modify Linux Audit System Log
- T1090.004 - Domain Fronting
- T1157 - Dylib Hijacking
- T1597 - Search Closed Sources
- T1199 - Trusted Relationship
- T1556.008 - Network Provider DLL
- T1039 - Data from Network Shared Drive
Score: 0.60
Matched TTPs:
- T1218.012 - Verclsid
- T1608.006 - SEO Poisoning
- T1547.008 - LSASS Driver
- T1140 - Deobfuscate/Decode Files or Information
- T1181 - Extra Window Memory Injection
- T1157 - Dylib Hijacking
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1199 - Trusted Relationship
- T1606.002 - SAML Tokens
- T1027.018 - Invisible Unicode
- T1202 - Indirect Command Execution
- T1556.008 - Network Provider DLL
- T1584.008 - Network Devices
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
Related CVEs