Security brief: tax scams aim to steal funds from taxpayers
Overview
Threat actors are exploiting tax season with numerous campaigns leveraging tax themes to deliver malware, remote monitoring tools, fraud attempts, and credential phishing. Over a hundred campaigns have been observed in 2026, with a notable increase in remote monitoring and management (RMM) payloads. Tactics include impersonating tax agencies, claiming expired documents, and requesting tax filing support. While primarily targeting the United States, campaigns have also been observed in Canada, Australia, Switzerland, and Japan. Notable actors include TA4922, a newly designated threat group delivering malware from the Winos4.0 ecosystem, and TA2730, focusing on credential phishing for financial institutions. Business email compromise actors are also using tax form lures to steal financial and personal data. These campaigns demonstrate the ongoing exploitation of timely and topical themes by cybercriminals to deceive users.
Created: 2026-04-29
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 7.34
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1055.004 - Asynchronous Procedure Call
- T1059.012 - Hypervisor CLI
Score: 41.42
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1098.002 - Additional Email Delegate Permissions
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 19.65
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1049 - System Network Connections Discovery
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
Score: 12.67
Matched TTPs:
- T1682 - Query Public AI Services
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 9.00
Matched TTPs:
- T1584.008 - Network Devices
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 18.58
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
Score: 37.71
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1039 - Data from Network Shared Drive
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 28.00
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
- T1668 - Exclusive Control
- T1686.001 - Cloud Firewall
Score: 33.54
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 19.25
Matched TTPs:
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1134 - Access Token Manipulation
Score: 13.66
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
Score: 53.33
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1562.012 - Disable or Modify Linux Audit System
- T1574.008 - Path Interception by Search Order Hijacking
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1002 - Data Compressed
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1574.002 - DLL Side-Loading
- T1037.001 - Logon Script (Windows)
Score: 13.87
Matched TTPs:
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
Score: 14.84
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1059.001 - PowerShell
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
Score: 22.19
Matched TTPs:
- T1584.008 - Network Devices
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1059.001 - PowerShell
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 25.51
Matched TTPs:
- T1584.008 - Network Devices
- T1684 - Social Engineering
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 27.35
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1656 - Impersonation
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1003.003 - NTDS
Score: 18.86
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1685 - Disable or Modify Tools
- T1059.013 - Container CLI/API
Score: 13.99
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1059.012 - Hypervisor CLI
Score: 30.02
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
Score: 62.05
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1041 - Exfiltration Over C2 Channel
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
- T1003.003 - NTDS
Score: 15.15
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1547.008 - LSASS Driver
Score: 16.21
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1574.008 - Path Interception by Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 30.05
Matched TTPs:
- T1606.002 - SAML Tokens
- T1070.006 - Timestomp
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
Score: 36.84
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 38.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1574.014 - AppDomainManager
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1562.012 - Disable or Modify Linux Audit System
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1097 - Pass the Ticket
- T1039 - Data from Network Shared Drive
- T1592.002 - Software
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 16.52
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1578.001 - Create Snapshot
Score: 14.28
Matched TTPs:
- T1606.002 - SAML Tokens
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1087.004 - Cloud Account
- T1027.018 - Invisible Unicode
Score: 32.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1566.002 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1562.012 - Disable or Modify Linux Audit System
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1087.004 - Cloud Account
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 5.91
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
Score: 10.90
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
Score: 5.51
Matched TTPs:
- T1606.002 - SAML Tokens
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 9.14
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
Score: 38.48
Matched TTPs:
- T1606.002 - SAML Tokens
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1684 - Social Engineering
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
Score: 30.73
Matched TTPs:
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 16.53
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Score: 26.14
Matched TTPs:
- T1606.002 - SAML Tokens
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1059.001 - PowerShell
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
Score: 45.87
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
Score: 22.29
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1574.008 - Path Interception by Search Order Hijacking
- T1552.003 - Shell History
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
Score: 17.48
Matched TTPs:
- T1063 - Security Software Discovery
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
Score: 13.84
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
Score: 8.59
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1584.005 - Botnet
Score: 14.00
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
- T1578.001 - Create Snapshot
Score: 41.52
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
Score: 28.73
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
- T1668 - Exclusive Control
- T1588.003 - Code Signing Certificates
- T1027.018 - Invisible Unicode
Score: 15.93
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1024 - Custom Cryptographic Protocol
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1657 - Financial Theft
Score: 22.02
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1115 - Clipboard Data
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
Score: 7.64
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1562.012 - Disable or Modify Linux Audit System
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 6.16
Matched TTPs:
- T1115 - Clipboard Data
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 14.06
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1578.001 - Create Snapshot
Score: 9.66
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 17.73
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1212 - Exploitation for Credential Access
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1578.001 - Create Snapshot
Score: 25.14
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1059.001 - PowerShell
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 39.06
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1176 - Software Extensions
- T1140 - Deobfuscate/Decode Files or Information
- T1070.006 - Timestomp
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1574.002 - DLL Side-Loading
- T1578.001 - Create Snapshot
Score: 8.88
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
Score: 10.76
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
Score: 8.26
Matched TTPs:
- T1574.014 - AppDomainManager
- T1130 - Install Root Certificate
Score: 20.75
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1547.005 - Security Support Provider
- T1562.012 - Disable or Modify Linux Audit System
- T1019 - System Firmware
- T1039 - Data from Network Shared Drive
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
Score: 4.03
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1027.018 - Invisible Unicode
Score: 18.62
Matched TTPs:
- T1024 - Custom Cryptographic Protocol
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1027.014 - Polymorphic Code
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 9.93
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1597 - Search Closed Sources
- T1027.018 - Invisible Unicode
Score: 5.67
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1027.018 - Invisible Unicode
Score: 15.52
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1684 - Social Engineering
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 9.41
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1590.006 - Network Security Appliances
- T1218.012 - Verclsid
- T1657 - Financial Theft
Score: 9.52
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1562.012 - Disable or Modify Linux Audit System
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1027.018 - Invisible Unicode
Score: 25.36
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 4.07
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
Score: 8.16
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
Score: 11.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 14.95
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1562.012 - Disable or Modify Linux Audit System
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1030 - Data Transfer Size Limits
Score: 10.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1134 - Access Token Manipulation
Score: 4.97
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
Score: 22.07
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1598 - Phishing for Information
- T1134 - Access Token Manipulation
Score: 16.77
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1059.001 - PowerShell
- T1097 - Pass the Ticket
- T1656 - Impersonation
- T1134 - Access Token Manipulation
Score: 7.61
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1574.008 - Path Interception by Search Order Hijacking
- T1552.003 - Shell History
Score: 9.61
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
- T1547.008 - LSASS Driver
Score: 8.06
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
- T1505 - Server Software Component
Score: 12.78
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 9.96
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
Score: 9.87
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 24.70
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1059.001 - PowerShell
- T1597 - Search Closed Sources
- T1059.013 - Container CLI/API
- T1027.018 - Invisible Unicode
Score: 10.63
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 12.74
Matched TTPs:
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
Score: 32.79
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1493 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 4.00
Matched TTPs:
- T1684 - Social Engineering
- T1134 - Access Token Manipulation
Score: 12.79
Matched TTPs:
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1027.018 - Invisible Unicode
Score: 6.28
Matched TTPs:
- T1684 - Social Engineering
- T1562.012 - Disable or Modify Linux Audit System
- T1059.012 - Hypervisor CLI
Score: 8.33
Matched TTPs:
- T1684 - Social Engineering
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Score: 6.32
Matched TTPs:
- T1684 - Social Engineering
- T1039 - Data from Network Shared Drive
- T1059.012 - Hypervisor CLI
Score: 4.58
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1552.003 - Shell History
Score: 13.42
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 5.51
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1039 - Data from Network Shared Drive
- T1027.018 - Invisible Unicode
Score: 5.50
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
Score: 9.90
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1101 - Security Support Provider
- T1059.012 - Hypervisor CLI
- T1134 - Access Token Manipulation
Score: 3.41
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1027.018 - Invisible Unicode
Score: 4.58
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1547.008 - LSASS Driver
Score: 7.14
Matched TTPs:
- T1562.012 - Disable or Modify Linux Audit System
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
Score: 9.34
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
- T1134 - Access Token Manipulation
Score: 9.10
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
Score: 9.76
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1059.001 - PowerShell
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
Score: 8.59
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
Score: 5.98
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1027.014 - Polymorphic Code
- T1059.012 - Hypervisor CLI
Score: 3.01
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1134 - Access Token Manipulation
Score: 5.83
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1059.012 - Hypervisor CLI
- T1578.001 - Create Snapshot
Score: 6.03
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
- T1578.001 - Create Snapshot
Score: 12.80
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
- T1037.001 - Logon Script (Windows)
Score: 5.67
Matched TTPs:
- T1218.012 - Verclsid
- T1087.004 - Cloud Account
- T1027.018 - Invisible Unicode
Score: 5.09
Matched TTPs:
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
Score: 6.14
Matched TTPs:
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
Score: 4.07
Matched TTPs:
- T1097 - Pass the Ticket
- T1134 - Access Token Manipulation
Score: 7.34
Matched TTPs:
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
Score: 10.83
Matched TTPs:
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1565.002 - Transmitted Data Manipulation
- T1547.008 - LSASS Driver
Score: 4.29
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
Score: 4.69
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
Score: 5.65
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
Score: 4.29
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1547.008 - LSASS Driver
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Score: 3.13
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1027.018 - Invisible Unicode
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1024 - Custom Cryptographic Protocol
- T1087.004 - Cloud Account
- T1690 - Prevent Command History Logging
- T1218.012 - Verclsid
- T1566.002 - Spearphishing Link
- T1027.018 - Invisible Unicode
- T1656 - Impersonation
- T1562.012 - Disable or Modify Linux Audit System
- T1009 - Binary Padding
- T1041 - Exfiltration Over C2 Channel
- T1555.003 - Credentials from Web Browsers
- T1590.006 - Network Security Appliances
- T1552.003 - Shell History
- T1030 - Data Transfer Size Limits
- T1565.002 - Transmitted Data Manipulation
- T1668 - Exclusive Control
- T1140 - Deobfuscate/Decode Files or Information
- T1003.007 - Proc Filesystem
- T1684 - Social Engineering
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1597 - Search Closed Sources
- T1183 - Image File Execution Options Injection
- T1003.003 - NTDS
Score: 0.60
Matched TTPs:
- T1574.002 - DLL Side-Loading
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1097 - Pass the Ticket
- T1584.008 - Network Devices
- T1002 - Data Compressed
- T1562.012 - Disable or Modify Linux Audit System
- T1041 - Exfiltration Over C2 Channel
- T1590.006 - Network Security Appliances
- T1030 - Data Transfer Size Limits
- T1037.001 - Logon Script (Windows)
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1574.008 - Path Interception by Search Order Hijacking
- T1140 - Deobfuscate/Decode Files or Information
- T1684 - Social Engineering
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
Related CVEs
No CVEs were found in this Pulse.