Live C2 Dump Recovering Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger
Summary
On April 11, 2026, researchers analyzed a CHM file (api_reference.chm) tagged as Kimsuky that initiated a three-stage attack chain. The C2 server at check[.]nid-log[.]com had directory listing enabled, which allowed recovery of the complete source code for every payload stage: a 6,338-byte VBScript that performs system reconnaissance and establishes persistence via a scheduled task, a 449-byte VBScript bridge to PowerShell, and a 6,234-byte PowerShell keylogger with clipboard monitoring and timed exfiltration. The infrastructure comprised 79+ domains across 5 C2 IPs hosted on Korean VPS providers. The server answered with the "Million OK !!!!" signature, matching previously documented Kimsuky infrastructure while running an upgraded Apache/PHP stack. The operation targeted Korean Naver users through credential phishing and tax-authority impersonation, and the infrastructure was linked to previously documented Kimsuky campaigns via shared DAOU Technology subnets.
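The chain summarized above (CHM opened on the endpoint, a VBScript stager that registers a scheduled task, a task-launched VBScript bridge, and a PowerShell keylogger) leaves a recognizable shape in process-creation telemetry. The following detection sketch is an added example, not code from the pulse or from the recovered payloads. It assumes Sysmon-style process events with pid, parent pid, image and command line; that the CHM is rendered by hh.exe; that the VBScript stages run under wscript.exe or cscript.exe; and that persistence is registered with schtasks.exe (the pulse only says "scheduled task"). The sample events are constructed, not captured from the incident. Because a task-launched process has the Task Scheduler service as its parent, the bridge stage is linked to the stager by the script path recorded in the task's /TR argument rather than by ancestry.

```python
"""Correlate hh.exe -> script host -> schtasks -> task-launched script -> PowerShell.

Added example (not from the pulse). Assumed telemetry: Sysmon-style process
creation events as (pid, ppid, image, command_line) tuples.
"""
import re
from collections import defaultdict

CHM_HOST = "hh.exe"                       # assumption: CHM files open via hh.exe
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
TASK_TOOL = "schtasks.exe"                 # assumption: persistence via schtasks

# Constructed sample telemetry; paths and task name are invented for the demo.
SAMPLE_EVENTS = [
    (100, 1,   "explorer.exe",   "explorer.exe"),
    (200, 100, "hh.exe",         r'hh.exe "C:\Users\victim\Downloads\api_reference.chm"'),
    (300, 200, "wscript.exe",    r'wscript.exe //B "C:\Users\victim\AppData\Local\Temp\recon.vbs"'),
    (400, 300, "schtasks.exe",   r'schtasks.exe /Create /F /SC MINUTE /MO 10 /TN "OneDriveUpdate" '
                                 r'/TR "wscript.exe //B C:\Users\victim\AppData\Roaming\bridge.vbs"'),
    (450, 4,   "svchost.exe",    "svchost.exe -k netsvcs -p -s Schedule"),
    (500, 450, "wscript.exe",    r'wscript.exe //B C:\Users\victim\AppData\Roaming\bridge.vbs'),
    (600, 500, "powershell.exe", r'powershell.exe -WindowStyle Hidden -File C:\Users\victim\AppData\Roaming\kl.ps1'),
    # benign activity that must not produce a finding
    (700, 100, "hh.exe",         r'hh.exe "C:\Program Files\Tool\manual.chm"'),
    (800, 100, "wscript.exe",    r'wscript.exe \\fileserver\netlogon\mapdrives.vbs'),
]

# /TR value is either quoted (group 1) or a single bare token (group 2)
TR_RE = re.compile(r'/tr\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def detect_chains(events):
    """Return one finding per script host launched by hh.exe, enriched with
    scheduled-task persistence, the task-launched bridge, and PowerShell evidence."""
    by_pid = {e[0]: e for e in events}
    children = defaultdict(list)
    for pid, ppid, _, _ in events:
        children[ppid].append(pid)

    def image(pid):
        return by_pid[pid][2].lower() if pid in by_pid else ""

    def descendants(root):
        stack, found = [root], []
        while stack:
            for child in children[stack.pop()]:
                found.append(child)
                stack.append(child)
        return found

    findings = []
    for pid, ppid, img, _ in events:
        if img.lower() not in SCRIPT_HOSTS or image(ppid) != CHM_HOST:
            continue
        f = {"chm_cmd": by_pid[ppid][3], "stager_pid": pid,
             "task_paths": [], "bridge_pids": [], "powershell_pids": []}
        # Stage 1: walk the stager's descendants for schtasks /Create and PowerShell
        for d in descendants(pid):
            d_img, d_cmd = by_pid[d][2].lower(), by_pid[d][3]
            if d_img == TASK_TOOL and "/create" in d_cmd.lower():
                m = TR_RE.search(d_cmd)
                if m:
                    task_cmd = m.group(1) or m.group(2)
                    f["task_paths"] += [p.lower() for p in re.findall(r"\S+\.vbs", task_cmd, re.I)]
            if d_img in POWERSHELL:
                f["powershell_pids"].append(d)
        # Stage 2: the bridge runs under the Task Scheduler service, so match it by
        # the script path the task registered, then look at its descendants for stage 3
        for b_pid, _, b_img, b_cmd in events:
            if b_img.lower() in SCRIPT_HOSTS and any(p in b_cmd.lower() for p in f["task_paths"]):
                f["bridge_pids"].append(b_pid)
                f["powershell_pids"] += [d for d in descendants(b_pid) if image(d) in POWERSHELL]
        f["stages"] = 1 + bool(f["bridge_pids"]) + bool(f["powershell_pids"])
        findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in detect_chains(SAMPLE_EVENTS):
        print(f"stages observed: {finding['stages']}  stager pid {finding['stager_pid']}  "
              f"bridge {finding['bridge_pids']}  powershell {finding['powershell_pids']}")
```

A finding with `stages == 1` (hh.exe launching a script host, nothing further) is still worth a hunt, since legitimate help files rarely spawn script hosts; the task-path linkage is what lets the rule reach the bridge and keylogger stages that ancestry alone would miss.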
Created: 2026-04-13
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 5.99
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1555.003 - Credentials from Web Browsers
- T1218.005 - Mshta
Score: 9.32
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1218.001 - Compiled HTML File
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 4.72
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 8.98
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1091 - Replication Through Removable Media
- T1189 - Drive-by Compromise
- T1124 - System Time Discovery
Score: 4.72
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 37.47
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1586.002 - Email Accounts
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1110 - Brute Force
- T1068 - Exploitation for Privilege Escalation
- T1564.003 - Hidden Window
- T1189 - Drive-by Compromise
- T1498 - Network Denial of Service
- T1550.002 - Pass the Hash
- T1137.002 - Office Test
- T1204.001 - Malicious Link
Score: 4.34
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
Score: 20.37
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1586.002 - Email Accounts
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1534 - Internal Spearphishing
- T1587.004 - Exploits
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 13.97
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
Score: 19.51
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1115 - Clipboard Data
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1505.003 - Web Shell
- T1110 - Brute Force
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
Score: 24.35
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1562.004 - Disable or Modify System Firewall
- T1585.002 - Email Accounts
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1036.003 - Rename Legitimate Utilities
- T1189 - Drive-by Compromise
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
Score: 9.76
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
- T1204.001 - Malicious Link
Score: 12.29
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1552.001 - Credentials In Files
- T1068 - Exploitation for Privilege Escalation
- T1204.001 - Malicious Link
Score: 5.66
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1068 - Exploitation for Privilege Escalation
Score: 13.64
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1555.003 - Credentials from Web Browsers
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1204.001 - Malicious Link
Score: 6.58
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1564.003 - Hidden Window
- T1124 - System Time Discovery
Score: 5.76
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1564.003 - Hidden Window
- T1189 - Drive-by Compromise
Score: 20.48
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1552.001 - Credentials In Files
- T1110 - Brute Force
- T1585 - Establish Accounts
- T1018 - Remote System Discovery
Score: 16.53
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1068 - Exploitation for Privilege Escalation
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 9.06
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1204.001 - Malicious Link
Score: 6.31
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
Score: 42.04
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1114.001 - Local Email Collection
- T1598.003 - Spearphishing Link
- T1071 - Application Layer Protocol
- T1586.002 - Email Accounts
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1564.003 - Hidden Window
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
Score: 12.42
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1486 - Data Encrypted for Impact
- T1656 - Impersonation
- T1219.002 - Remote Desktop Software
- T1566.003 - Spearphishing via Service
Score: 9.25
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
- T1134 - Access Token Manipulation
Score: 15.01
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1091 - Replication Through Removable Media
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1052.001 - Exfiltration over USB
Score: 39.21
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1585.002 - Email Accounts
- T1090 - Proxy
- T1204.005 - Malicious Library
- T1583.003 - Virtual Private Server
- T1562.001 - Disable or Modify Tools
- T1593.001 - Social Media
- T1656 - Impersonation
- T1585 - Establish Accounts
- T1219.002 - Remote Desktop Software
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
Score: 3.69
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1068 - Exploitation for Privilege Escalation
Score: 12.22
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1049 - System Network Connections Discovery
- T1036.003 - Rename Legitimate Utilities
- T1018 - Remote System Discovery
Score: 9.27
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
Score: 24.15
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1071 - Application Layer Protocol
- T1608.001 - Upload Malware
- T1562.004 - Disable or Modify System Firewall
- T1049 - System Network Connections Discovery
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1595.001 - Scanning IP Blocks
Score: 3.39
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1562.001 - Disable or Modify Tools
Score: 54.76
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1587.001 - Malware
- T1115 - Clipboard Data
- T1007 - System Service Discovery
- T1556.002 - Password Filter DLL
- T1586.002 - Email Accounts
- T1608.001 - Upload Malware
- T1555 - Credentials from Password Stores
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1552.001 - Credentials In Files
- T1218.001 - Compiled HTML File
- T1110 - Brute Force
- T1068 - Exploitation for Privilege Escalation
- T1137.004 - Outlook Home Page
- T1555.004 - Windows Credential Manager
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
Score: 33.83
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1550.003 - Pass the Ticket
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1068 - Exploitation for Privilege Escalation
- T1036.003 - Rename Legitimate Utilities
- T1564.003 - Hidden Window
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1204.001 - Malicious Link
Score: 17.79
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1585.002 - Email Accounts
- T1583.003 - Virtual Private Server
- T1486 - Data Encrypted for Impact
- T1566.003 - Spearphishing via Service
Score: 9.64
Matched TTPs:
- T1583.008 - Malvertising
- T1608.001 - Upload Malware
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 9.00
Matched TTPs:
- T1003.002 - Security Account Manager
- T1036.003 - Rename Legitimate Utilities
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 15.14
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1036.003 - Rename Legitimate Utilities
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
Score: 38.96
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1586.002 - Email Accounts
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1550.003 - Pass the Ticket
- T1649 - Steal or Forge Authentication Certificates
- T1218.005 - Mshta
- T1021.007 - Cloud Services
- T1068 - Exploitation for Privilege Escalation
- T1027.006 - HTML Smuggling
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
Score: 21.99
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1552.001 - Credentials In Files
- T1134.003 - Make and Impersonate Token
- T1550.002 - Pass the Hash
Score: 26.22
Matched TTPs:
- T1003.002 - Security Account Manager
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1598.002 - Spearphishing Attachment
- T1071.002 - File Transfer Protocols
- T1110 - Brute Force
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 18.55
Matched TTPs:
- T1003.002 - Security Account Manager
- T1071.004 - DNS
- T1587.001 - Malware
- T1583.005 - Botnet
- T1007 - System Service Discovery
- T1190 - Exploit Public-Facing Application
- T1049 - System Network Connections Discovery
- T1018 - Remote System Discovery
Score: 11.69
Matched TTPs:
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1018 - Remote System Discovery
Score: 50.94
Matched TTPs:
- T1003.002 - Security Account Manager
- T1071.004 - DNS
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1546.008 - Accessibility Features
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1071.002 - File Transfer Protocols
- T1218.001 - Compiled HTML File
- T1110 - Brute Force
- T1599 - Network Boundary Bridging
- T1486 - Data Encrypted for Impact
- T1595.003 - Wordlist Scanning
- T1656 - Impersonation
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1596.005 - Scan Databases
Score: 11.41
Matched TTPs:
- T1003.002 - Security Account Manager
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
Score: 23.77
Matched TTPs:
- T1003.002 - Security Account Manager
- T1518.002 - Backup Software Discovery
- T1585.002 - Email Accounts
- T1562.001 - Disable or Modify Tools
- T1555.004 - Windows Credential Manager
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1204.001 - Malicious Link
- T1490 - Inhibit System Recovery
Score: 33.93
Matched TTPs:
- T1003.002 - Security Account Manager
- T1071.004 - DNS
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1552.001 - Credentials In Files
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1585 - Establish Accounts
- T1595.001 - Scanning IP Blocks
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1588.005 - Exploits
Score: 21.05
Matched TTPs:
- T1583.002 - DNS Server
- T1114.001 - Local Email Collection
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1608.003 - Install Digital Certificate
- T1027.004 - Compile After Delivery
Score: 12.89
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1583.003 - Virtual Private Server
- T1189 - Drive-by Compromise
Score: 27.84
Matched TTPs:
- T1583.002 - DNS Server
- T1586.002 - Email Accounts
- T1608.001 - Upload Malware
- T1555 - Credentials from Password Stores
- T1589 - Gather Victim Identity Information
- T1555.003 - Credentials from Web Browsers
- T1585.002 - Email Accounts
- T1049 - System Network Connections Discovery
- T1534 - Internal Spearphishing
- T1110 - Brute Force
- T1018 - Remote System Discovery
Score: 25.33
Matched TTPs:
- T1071.004 - DNS
- T1114.001 - Local Email Collection
- T1007 - System Service Discovery
- T1049 - System Network Connections Discovery
- T1110.004 - Credential Stuffing
- T1111 - Multi-Factor Authentication Interception
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1124 - System Time Discovery
Score: 8.42
Matched TTPs:
- T1071.004 - DNS
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1204.001 - Malicious Link
Score: 10.33
Matched TTPs:
- T1071.004 - DNS
- T1218.003 - CMSTP
- T1068 - Exploitation for Privilege Escalation
- T1204.001 - Malicious Link
Score: 28.54
Matched TTPs:
- T1071.004 - DNS
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1486 - Data Encrypted for Impact
- T1564.003 - Hidden Window
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
Score: 11.32
Matched TTPs:
- T1114.001 - Local Email Collection
- T1587.001 - Malware
- T1555.003 - Credentials from Web Browsers
- T1552.001 - Credentials In Files
- T1204.001 - Malicious Link
Score: 12.58
Matched TTPs:
- T1114.001 - Local Email Collection
- T1007 - System Service Discovery
- T1585.002 - Email Accounts
- T1049 - System Network Connections Discovery
- T1550.002 - Pass the Hash
Score: 14.03
Matched TTPs:
- T1114.001 - Local Email Collection
- T1190 - Exploit Public-Facing Application
- T1583.003 - Virtual Private Server
- T1584.006 - Web Services
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 63.04
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1007 - System Service Discovery
- T1586.002 - Email Accounts
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1552.001 - Credentials In Files
- T1218.005 - Mshta
- T1071.002 - File Transfer Protocols
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1593.001 - Social Media
- T1656 - Impersonation
- T1564.003 - Hidden Window
- T1585 - Establish Accounts
- T1219.002 - Remote Desktop Software
- T1111 - Multi-Factor Authentication Interception
- T1550.002 - Pass the Hash
- T1204.001 - Malicious Link
- T1588.005 - Exploits
Score: 15.11
Matched TTPs:
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1585.002 - Email Accounts
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
Score: 20.37
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1205.001 - Port Knocking
- T1562.001 - Disable or Modify Tools
- T1068 - Exploitation for Privilege Escalation
- T1587.004 - Exploits
- T1124 - System Time Discovery
Score: 12.31
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1608.005 - Link Target
- T1204.001 - Malicious Link
Score: 31.24
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1486 - Data Encrypted for Impact
- T1499 - Endpoint Denial of Service
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1490 - Inhibit System Recovery
Score: 5.91
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
Score: 6.90
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1018 - Remote System Discovery
Score: 5.13
Matched TTPs:
- T1587.001 - Malware
- T1091 - Replication Through Removable Media
Score: 33.75
Matched TTPs:
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1584.003 - Virtual Private Server
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1584.006 - Web Services
- T1068 - Exploitation for Privilege Escalation
- T1555.004 - Windows Credential Manager
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
Score: 34.86
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1586.002 - Email Accounts
- T1608.001 - Upload Malware
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1176.002 - IDE Extensions
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1052.001 - Exfiltration over USB
- T1219.002 - Remote Desktop Software
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
Score: 52.19
Matched TTPs:
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1589 - Gather Victim Identity Information
- T1598.004 - Spearphishing Voice
- T1090 - Proxy
- T1552.001 - Credentials In Files
- T1021.007 - Cloud Services
- T1204 - User Execution
- T1562.001 - Disable or Modify Tools
- T1068 - Exploitation for Privilege Escalation
- T1486 - Data Encrypted for Impact
- T1656 - Impersonation
- T1556.009 - Conditional Access Policies
- T1219.002 - Remote Desktop Software
- T1018 - Remote System Discovery
- T1538 - Cloud Service Dashboard
- T1490 - Inhibit System Recovery
Score: 24.66
Matched TTPs:
- T1484.002 - Trust Modification
- T1190 - Exploit Public-Facing Application
- T1021.007 - Cloud Services
- T1110 - Brute Force
- T1486 - Data Encrypted for Impact
- T1556.009 - Conditional Access Policies
- T1219.002 - Remote Desktop Software
- T1490 - Inhibit System Recovery
Score: 8.59
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1585.002 - Email Accounts
- T1608.005 - Link Target
Score: 10.56
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1068 - Exploitation for Privilege Escalation
- T1204.001 - Malicious Link
- T1124 - System Time Discovery
Score: 15.93
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1586.002 - Email Accounts
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1585.002 - Email Accounts
- T1598.002 - Spearphishing Attachment
Score: 19.54
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1583.003 - Virtual Private Server
- T1584.006 - Web Services
- T1189 - Drive-by Compromise
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
Score: 7.64
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 28.54
Matched TTPs:
- T1115 - Clipboard Data
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1218.001 - Compiled HTML File
- T1110 - Brute Force
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1036.003 - Rename Legitimate Utilities
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Score: 13.24
Matched TTPs:
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1068 - Exploitation for Privilege Escalation
- T1018 - Remote System Discovery
Score: 14.06
Matched TTPs:
- T1007 - System Service Discovery
- T1550.003 - Pass the Ticket
- T1562.001 - Disable or Modify Tools
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1124 - System Time Discovery
Score: 7.07
Matched TTPs:
- T1007 - System Service Discovery
- T1562.001 - Disable or Modify Tools
- T1550.002 - Pass the Hash
Score: 4.26
Matched TTPs:
- T1007 - System Service Discovery
- T1049 - System Network Connections Discovery
Score: 20.67
Matched TTPs:
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1218.005 - Mshta
- T1584.006 - Web Services
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
Score: 35.82
Matched TTPs:
- T1007 - System Service Discovery
- T1584.003 - Virtual Private Server
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1589 - Gather Victim Identity Information
- T1555.003 - Credentials from Web Browsers
- T1505.003 - Web Shell
- T1090 - Proxy
- T1049 - System Network Connections Discovery
- T1068 - Exploitation for Privilege Escalation
- T1587.004 - Exploits
- T1018 - Remote System Discovery
- T1596.005 - Scan Databases
- T1124 - System Time Discovery
Score: 4.26
Matched TTPs:
- T1007 - System Service Discovery
- T1049 - System Network Connections Discovery
Score: 14.21
Matched TTPs:
- T1071 - Application Layer Protocol
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1018 - Remote System Discovery
Score: 10.78
Matched TTPs:
- T1071 - Application Layer Protocol
- T1190 - Exploit Public-Facing Application
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
Score: 9.31
Matched TTPs:
- T1071 - Application Layer Protocol
- T1562.004 - Disable or Modify System Firewall
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
Score: 8.26
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1564.005 - Hidden File System
Score: 25.01
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1608.001 - Upload Malware
- T1090 - Proxy
- T1583.003 - Virtual Private Server
- T1218.005 - Mshta
- T1534 - Internal Spearphishing
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1564.003 - Hidden Window
- T1204.001 - Malicious Link
Score: 29.53
Matched TTPs:
- T1586.002 - Email Accounts
- T1589 - Gather Victim Identity Information
- T1555.003 - Credentials from Web Browsers
- T1598.004 - Spearphishing Voice
- T1090 - Proxy
- T1583.003 - Virtual Private Server
- T1204 - User Execution
- T1068 - Exploitation for Privilege Escalation
- T1656 - Impersonation
- T1111 - Multi-Factor Authentication Interception
Score: 4.03
Matched TTPs:
- T1586.002 - Email Accounts
- T1204.001 - Malicious Link
Score: 7.94
Matched TTPs:
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
Score: 25.27
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1583.003 - Virtual Private Server
- T1134.003 - Make and Impersonate Token
- T1562.001 - Disable or Modify Tools
- T1068 - Exploitation for Privilege Escalation
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
- T1490 - Inhibit System Recovery
Score: 11.99
Matched TTPs:
- T1608.001 - Upload Malware
- T1585.002 - Email Accounts
- T1593.001 - Social Media
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
Score: 15.49
Matched TTPs:
- T1608.001 - Upload Malware
- T1555.003 - Credentials from Web Browsers
- T1585.002 - Email Accounts
- T1583.003 - Virtual Private Server
- T1656 - Impersonation
- T1111 - Multi-Factor Authentication Interception
Score: 4.97
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1049 - System Network Connections Discovery
Score: 23.76
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1585.002 - Email Accounts
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1564.003 - Hidden Window
- T1650 - Acquire Access
- T1018 - Remote System Discovery
- T1490 - Inhibit System Recovery
Score: 3.81
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1090 - Proxy
Score: 12.01
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1049 - System Network Connections Discovery
- T1564.003 - Hidden Window
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 7.37
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1595.003 - Wordlist Scanning
Score: 23.70
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1555 - Credentials from Password Stores
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1049 - System Network Connections Discovery
- T1552.001 - Credentials In Files
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1204.001 - Malicious Link
Score: 10.22
Matched TTPs:
- T1558 - Steal or Forge Kerberos Tickets
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
Score: 10.55
Matched TTPs:
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1552.001 - Credentials In Files
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 8.34
Matched TTPs:
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1555.004 - Windows Credential Manager
Score: 6.95
Matched TTPs:
- T1555 - Credentials from Password Stores
- T1219.002 - Remote Desktop Software
- T1204.001 - Malicious Link
Score: 16.52
Matched TTPs:
- T1555 - Credentials from Password Stores
- T1555.003 - Credentials from Web Browsers
- T1562.001 - Disable or Modify Tools
- T1068 - Exploitation for Privilege Escalation
- T1134 - Access Token Manipulation
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 14.90
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1546.008 - Accessibility Features
- T1049 - System Network Connections Discovery
- T1552.001 - Credentials In Files
- T1564.003 - Hidden Window
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
Score: 3.82
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1189 - Drive-by Compromise
Score: 3.41
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1204.001 - Malicious Link
Score: 4.58
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1566.003 - Spearphishing via Service
Score: 8.99
Matched TTPs:
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1564.003 - Hidden Window
- T1018 - Remote System Discovery
Score: 3.86
Matched TTPs:
- T1505.003 - Web Shell
- T1068 - Exploitation for Privilege Escalation
Score: 4.74
Matched TTPs:
- T1090 - Proxy
- T1564.003 - Hidden Window
Score: 4.44
Matched TTPs:
- T1090 - Proxy
- T1068 - Exploitation for Privilege Escalation
Score: 4.11
Matched TTPs:
- T1090 - Proxy
- T1189 - Drive-by Compromise
Score: 8.67
Matched TTPs:
- T1542.002 - Component Firmware
- T1564.005 - Hidden File System
Score: 3.50
Matched TTPs:
- T1049 - System Network Connections Discovery
- T1189 - Drive-by Compromise
Score: 7.12
Matched TTPs:
- T1049 - System Network Connections Discovery
- T1134 - Access Token Manipulation
- T1018 - Remote System Discovery
Score: 3.70
Matched TTPs:
- T1218.005 - Mshta
- T1204.001 - Malicious Link
Score: 5.90
Matched TTPs:
- T1205.001 - Port Knocking
- T1189 - Drive-by Compromise
Score: 3.62
Matched TTPs:
- T1071.002 - File Transfer Protocols
Score: 4.98
Matched TTPs:
- T1218.001 - Compiled HTML File
- T1018 - Remote System Discovery
Score: 4.07
Matched TTPs:
- T1110 - Brute Force
- T1018 - Remote System Discovery
Score: 4.20
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1564.003 - Hidden Window
Score: 3.86
Matched TTPs:
- T1068 - Exploitation for Privilege Escalation
- T1189 - Drive-by Compromise
Score: 7.34
Matched TTPs:
- T1068 - Exploitation for Privilege Escalation
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
- T1204.001 - Malicious Link
Score: 3.44
Matched TTPs:
- T1585 - Establish Accounts
Score: 4.69
Matched TTPs:
- T1219.002 - Remote Desktop Software
- T1189 - Drive-by Compromise
Score: 5.65
Matched TTPs:
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
- T1566.003 - Spearphishing via Service
Score: 3.13
Matched TTPs:
- T1189 - Drive-by Compromise
- T1204.001 - Malicious Link
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1111 - Multi-Factor Authentication Interception
- T1562.001 - Disable or Modify Tools
- T1564.003 - Hidden Window
- T1007 - System Service Discovery
- T1555.003 - Credentials from Web Browsers
- T1585 - Establish Accounts
- T1588.005 - Exploits
- T1219.002 - Remote Desktop Software
- T1585.002 - Email Accounts
- T1656 - Impersonation
- T1550.002 - Pass the Hash
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1204.001 - Malicious Link
- T1505.003 - Web Shell
- T1587.001 - Malware
- T1218.005 - Mshta
- T1562.004 - Disable or Modify System Firewall
- T1586.002 - Email Accounts
- T1598.003 - Spearphishing Link
- T1071.002 - File Transfer Protocols
- T1593.001 - Social Media
- T1552.001 - Credentials In Files
- T1534 - Internal Spearphishing
Score: 0.61
Matched TTPs:
- T1137.004 - Outlook Home Page
- T1007 - System Service Discovery
- T1110 - Brute Force
- T1115 - Clipboard Data
- T1555.003 - Credentials from Web Browsers
- T1027.013 - Encrypted/Encoded File
- T1566.003 - Spearphishing via Service
- T1608.001 - Upload Malware
- T1204.001 - Malicious Link
- T1505.003 - Web Shell
- T1556.002 - Password Filter DLL
- T1555 - Credentials from Password Stores
- T1587.001 - Malware
- T1068 - Exploitation for Privilege Escalation
- T1555.004 - Windows Credential Manager
- T1071.004 - DNS
- T1562.004 - Disable or Modify System Firewall
- T1586.002 - Email Accounts
- T1049 - System Network Connections Discovery
- T1218.001 - Compiled HTML File
- T1552.001 - Credentials In Files
Score: 0.58
Matched TTPs:
- T1484.002 - Trust Modification
- T1021.007 - Cloud Services
- T1204 - User Execution
- T1068 - Exploitation for Privilege Escalation
- T1656 - Impersonation
- T1589 - Gather Victim Identity Information
- T1490 - Inhibit System Recovery
- T1090 - Proxy
- T1018 - Remote System Discovery
- T1562.001 - Disable or Modify Tools
- T1219.002 - Remote Desktop Software
- T1538 - Cloud Service Dashboard
- T1486 - Data Encrypted for Impact
- T1598.004 - Spearphishing Voice
- T1598.003 - Spearphishing Link
- T1556.009 - Conditional Access Policies
- T1552.001 - Credentials In Files
Score: 0.57
Matched TTPs:
- T1003.002 - Security Account Manager
- T1599 - Network Boundary Bridging
- T1555.003 - Credentials from Web Browsers
- T1555 - Credentials from Password Stores
- T1656 - Impersonation
- T1595.003 - Wordlist Scanning
- T1071.004 - DNS
- T1090 - Proxy
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1486 - Data Encrypted for Impact
- T1546.008 - Accessibility Features
- T1049 - System Network Connections Discovery
- T1218.001 - Compiled HTML File
- T1071.002 - File Transfer Protocols
- T1190 - Exploit Public-Facing Application
- T1110 - Brute Force
- T1596.005 - Scan Databases
Related CVEs
No CVEs were found in this Pulse.