REFUNDEE: Inside a Shadow Panel Phishing-as-a-Service Operation
Summary
An open directory discovered at refundonex[.]com exposed a complete Phishing-as-a-Service and RAT-as-a-Service platform targeting Spanish- and Portuguese-speaking victims. The investigation recovered 3,788 files, including weaponized LNK and VBS loaders and AES-encrypted PowerShell payloads that deliver a remote access trojan. The platform, called Shadow Panel, is hosted on Bulgarian infrastructure and offers remote shell execution, screenshot capture, file management, browser credential theft, clipboard hijacking aimed at cryptocurrency wallets, and multi-operator support. The C2 panel's frontend JavaScript was publicly accessible, revealing 29 API endpoints and the panel's complete architecture. Infrastructure analysis linked the operation to nikola4010@proton[.]me through WHOIS records and historical associations with malicious domains dating back to 2021, indicating a long-running cybercriminal operation with minimal detection coverage.
Created: 2026-05-13
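The summary above describes a delivery chain that starts with a weaponized LNK and moves through VBS to an AES-encrypted PowerShell stage. The pulse itself carries no code, so the following is an added triage example written for this page, not an artefact from the refundonex[.]com directory or Shadow Panel's own code: it parses the MS-SHLLINK header and StringData fields of a shortcut and flags the indicators a loader LNK needs to chain into a script host (script-host target, hidden window, staging arguments). The two shortcuts it inspects are constructed inline for the demo; the paths, the file name factura.vbs and the argument strings are assumptions, not recovered samples.

```python
"""Triage a Windows shortcut (.lnk) for script-launch tradecraft.

Added example for this page, not code from the pulse. Parses the MS-SHLLINK
header and StringData, then flags what a loader LNK needs to chain into a
VBS/PowerShell stage. The sample LNKs are constructed here, not real artefacts.
"""
import re
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7  # starts minimised and unfocused: the victim sees no window

SCRIPT_HOSTS = re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta|cmd|rundll32|regsvr32)(\.exe)?\b", re.I)
SUSPICIOUS_ARGS = re.compile(
    r"(-e(nc|ncodedcommand)?\b|-w(indowstyle)?\s+hidden|-nop\b|-ep\s+bypass|\.vbs\b|\.ps1\b|\biex\b"
    r"|downloadstring|frombase64string)", re.I)


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a shell link."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the IDList (size prefix excludes itself)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {"flags": flags, "show_command": show_command}
    # StringData fields appear in this fixed order, each only if its flag is set
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not bytes
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def triage_lnk(data: bytes) -> dict:
    """Flag script-host targets, hidden windows and staging arguments."""
    lnk = parse_lnk(data)
    cmdline = " ".join(v for v in (lnk.get(k, "") for k in ("relative_path", "working_dir", "arguments")) if v)
    findings = []
    host = SCRIPT_HOSTS.search(cmdline)
    if host:
        findings.append(f"launches script host {host.group(1).lower()}")
    tokens = sorted({m.group(0).lower() for m in SUSPICIOUS_ARGS.finditer(cmdline)})
    if tokens:
        findings.append("evasion/staging arguments: " + ", ".join(tokens))
    if lnk["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE (hidden window)")
    return {"command_line": cmdline, "findings": findings,
            "verdict": "suspicious" if findings else "clean"}


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Construct a minimal spec-conformant .lnk for the demo (StringData only, no IDList)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = (struct.pack("<I16sII", LNK_HEADER_SIZE, LNK_CLSID, flags, 0x20)  # FILE_ATTRIBUTE_ARCHIVE
              + bytes(24)                                                     # Creation/Access/Write FILETIMEs
              + struct.pack("<III", 0, 0, show_command)                       # FileSize, IconIndex, ShowCommand
              + struct.pack("<HHII", 0, 0, 0, 0))                             # HotKey, Reserved1..3
    assert len(header) == LNK_HEADER_SIZE

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


# Constructed samples (assumed paths/names, not the pulse's artefacts): a loader-style LNK and a benign one
LOADER_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r'-w hidden -nop -ep bypass -c "wscript.exe //B %TEMP%\factura.vbs"',
    show_command=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk(r"..\..\Program Files\Notepad++\notepad++.exe", r'"C:\Users\Public\notes.txt"')

if __name__ == "__main__":
    for label, blob in (("loader", LOADER_LNK), ("benign", BENIGN_LNK)):
        print(label, triage_lnk(blob))
```

Real loader LNKs often carry the target only in the LinkTargetIDList rather than in RELATIVE_PATH, and some pad COMMAND_LINE_ARGUMENTS with leading whitespace so that the Properties dialog shows nothing; a production tool should walk the IDList and LinkInfo structures as well, and the argument patterns should be tuned to the script hosts seen in the environment.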
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 19.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1608.005 - Link Target
- T1552.008 - Chat Messages
- T1056 - Input Capture
- T1055.008 - Ptrace System Calls
- T1490 - Inhibit System Recovery
Score: 14.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
Score: 24.68
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1056 - Input Capture
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1556 - Modify Authentication Process
Score: 10.71
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
Score: 15.05
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1656 - Impersonation
- T1601.001 - Patch System Image
Score: 29.16
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1552.008 - Chat Messages
- T1584.002 - DNS Server
- T1159 - Launch Agent
Score: 17.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
Score: 40.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1056 - Input Capture
- T1565.002 - Transmitted Data Manipulation
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Score: 11.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1601.001 - Patch System Image
- T1490 - Inhibit System Recovery
Score: 17.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1056 - Input Capture
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
Score: 9.06
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1490 - Inhibit System Recovery
Score: 16.29
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
Score: 18.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
Score: 5.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1055.004 - Asynchronous Procedure Call
Score: 7.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
Score: 13.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1668 - Exclusive Control
Score: 21.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1668 - Exclusive Control
Score: 28.88
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 21.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1668 - Exclusive Control
- T1055.008 - Ptrace System Calls
Score: 32.46
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1490 - Inhibit System Recovery
Score: 11.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
Score: 12.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 51.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1490 - Inhibit System Recovery
Score: 18.59
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
Score: 12.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 20.58
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
Score: 6.07
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
Score: 24.28
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1668 - Exclusive Control
Score: 24.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
Score: 33.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 10.52
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
Score: 11.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 12.28
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
Score: 7.68
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1056 - Input Capture
Score: 35.51
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
Score: 43.92
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1560.003 - Archive via Custom Method
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
Score: 5.58
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1543.003 - Windows Service
Score: 8.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 10.72
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 11.32
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1090 - Proxy
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Score: 18.00
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 8.98
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 36.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 8.81
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1601.001 - Patch System Image
Score: 24.21
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1560.003 - Archive via Custom Method
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 25.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
- T1601.001 - Patch System Image
- T1490 - Inhibit System Recovery
Score: 13.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1601.001 - Patch System Image
Score: 3.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1087.004 - Cloud Account
Score: 19.30
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1552.008 - Chat Messages
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Score: 10.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
Score: 6.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1565.002 - Transmitted Data Manipulation
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Score: 17.84
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1056 - Input Capture
- T1601.001 - Patch System Image
- T1159 - Launch Agent
Score: 32.76
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1490 - Inhibit System Recovery
Score: 25.57
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 9.52
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 18.30
Matched TTPs:
- T1584.008 - Network Devices
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
Score: 18.46
Matched TTPs:
- T1584.008 - Network Devices
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1055.004 - Asynchronous Procedure Call
- T1056 - Input Capture
- T1574.009 - Path Interception by Unquoted Path
Score: 17.51
Matched TTPs:
- T1584.008 - Network Devices
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1056 - Input Capture
- T1656 - Impersonation
- T1668 - Exclusive Control
Score: 11.41
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
- T1565.002 - Transmitted Data Manipulation
Score: 27.85
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
Score: 17.50
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1056 - Input Capture
Score: 11.91
Matched TTPs:
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1087.004 - Cloud Account
- T1056 - Input Capture
- T1574.009 - Path Interception by Unquoted Path
Score: 7.44
Matched TTPs:
- T1543.003 - Windows Service
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1056 - Input Capture
Score: 3.79
Matched TTPs:
- T1543.003 - Windows Service
- T1027.004 - Compile After Delivery
Score: 4.48
Matched TTPs:
- T1543.003 - Windows Service
- T1115 - Clipboard Data
Score: 6.00
Matched TTPs:
- T1543.003 - Windows Service
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
Score: 31.67
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Score: 14.74
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
Score: 21.02
Matched TTPs:
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1556 - Modify Authentication Process
Score: 4.19
Matched TTPs:
- T1543.003 - Windows Service
- T1159 - Launch Agent
Score: 17.31
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1196 - Control Panel Items
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
Score: 3.31
Matched TTPs:
- T1543.003 - Windows Service
- T1601.001 - Patch System Image
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
Score: 22.65
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 12.43
Matched TTPs:
- T1115 - Clipboard Data
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 16.28
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
Score: 7.24
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Score: 9.58
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
Score: 18.79
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
- T1601.001 - Patch System Image
Score: 10.21
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
Score: 8.93
Matched TTPs:
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
Score: 8.88
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Score: 10.94
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1490 - Inhibit System Recovery
Score: 12.58
Matched TTPs:
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Score: 4.31
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
Score: 4.20
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1601.001 - Patch System Image
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1159 - Launch Agent
Score: 14.56
Matched TTPs:
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1159 - Launch Agent
- T1490 - Inhibit System Recovery
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Score: 4.02
Matched TTPs:
- T1608.005 - Link Target
- T1056 - Input Capture
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
Score: 4.35
Matched TTPs:
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
Score: 6.88
Matched TTPs:
- T1584.002 - DNS Server
- T1159 - Launch Agent
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
Threat actors related to this pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1668 - Exclusive Control
- T1597 - Search Closed Sources
- T1056 - Input Capture
- T1608.005 - Link Target
- T1009 - Binary Padding
- T1098.007 - Additional Local or Domain Groups
- T1087.004 - Cloud Account
- T1051 - Shared Webroot
- T1490 - Inhibit System Recovery
- T1213.006 - Databases
- T1656 - Impersonation
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1546.013 - PowerShell Profile
- T1601.001 - Patch System Image
- T1543.003 - Windows Service
- T1197 - BITS Jobs
- T1183 - Image File Execution Options Injection
- T1560.001 - Archive via Utility
- T1609 - Container Administration Command
- T1003.007 - Proc Filesystem
Score: 0.60
Matched TTPs:
- T1547.005 - Security Support Provider
- T1087.004 - Cloud Account
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1560.003 - Archive via Custom Method
- T1597 - Search Closed Sources
- T1666 - Modify Cloud Resource Hierarchy
- T1565.002 - Transmitted Data Manipulation
- T1098.007 - Additional Local or Domain Groups
- T1609 - Container Administration Command
- T1056 - Input Capture
- T1685.004 - Disable or Modify Linux Audit System Log
Related CVEs
No CVEs were found in this pulse.