Pretexting-Based Targeted Intrusion: Analysis of Facebook Reconnaissance and Software Tampering Attacks
Summary
APT37 ran a sophisticated social engineering campaign that used Facebook accounts claiming to be located in Pyongyang and Pyongsong, North Korea, to perform reconnaissance and build trust with targets. After establishing a relationship over Facebook Messenger, the threat actor moved the conversation to Telegram and used a pretext of sharing encrypted PDF documents containing information on military weapons. Victims were persuaded to install a tampered Wondershare PDFelement installer that executed embedded shellcode for the initial compromise. The attack chain then delivered follow-on commands through a payload disguised as a JPG and hosted on a compromised Japanese real estate website. The malware abused Zoho WorkDrive OAuth2 APIs as its C2 channel and exfiltrated screenshots, documents, system information and audio files. The campaign relied on several evasion techniques, including code cave injection, process hollowing into the legitimate dism.exe, layered XOR encryption and fileless in-memory execution.
Created: 2026-04-14
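As an added example (not part of the pulse and not the vendor's detection content), the following Python script shows how a defender could hunt for the two host-level behaviours the summary describes: dism.exe spawned by an unexpected parent (a sign of process hollowing into it) and dism.exe talking to a cloud-storage API (the Zoho WorkDrive C2 channel). The Sysmon-style event records, the field names, the paths and the process IDs are all constructed for this example, and the parent allowlist is an assumed baseline that each environment would tune.

```python
"""Heuristic hunt for hollowed dism.exe with cloud-storage C2 (added example).

Assumptions (not from the pulse): events are Sysmon-like dicts where eid 1 is
process creation and eid 3 is a network connection; field names are made up.
"""
import ntpath
from typing import Dict, List, Set

DISM = "dism.exe"

# Assumed baseline of parents that normally launch dism.exe (tune per estate).
EXPECTED_DISM_PARENTS = {
    "cmd.exe", "powershell.exe", "explorer.exe", "services.exe",
    "svchost.exe", "tiworker.exe", "msiexec.exe",
}

# Cloud-storage / OAuth endpoints named in the summary as the C2 channel.
CLOUD_C2_HOSTS = {"workdrive.zoho.com", "accounts.zoho.com"}

# Constructed sample telemetry: a tampered installer spawns dism.exe, which
# then talks to Zoho; plus two benign events that must not alert.
SAMPLE_EVENTS: List[Dict] = [
    {"eid": 1, "pid": 4120, "image": r"C:\Users\u\Downloads\pdfelement-setup.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"eid": 1, "pid": 4188, "image": r"C:\Windows\System32\dism.exe",
     "parent_image": r"C:\Users\u\Downloads\pdfelement-setup.exe"},
    {"eid": 3, "pid": 4188, "image": r"C:\Windows\System32\dism.exe",
     "dest_host": "accounts.zoho.com", "dest_port": 443},
    {"eid": 3, "pid": 4188, "image": r"C:\Windows\System32\dism.exe",
     "dest_host": "workdrive.zoho.com", "dest_port": 443},
    # Benign: an administrator runs dism.exe from a command prompt.
    {"eid": 1, "pid": 5000, "image": r"C:\Windows\System32\dism.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    # Benign: a browser using Zoho WorkDrive legitimately.
    {"eid": 3, "pid": 6000, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "workdrive.zoho.com", "dest_port": 443},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def detect(events: List[Dict]) -> List[Dict]:
    """Return one finding per suspicious dism.exe event.

    Rule 1: dism.exe created by a parent outside the assumed baseline.
    Rule 2: dism.exe opening any outbound connection; severity is raised to
            critical when the destination is a cloud-storage/OAuth host.
    """
    findings: List[Dict] = []
    for ev in events:
        if basename(ev["image"]) != DISM:
            continue
        if ev["eid"] == 1:
            parent = basename(ev["parent_image"])
            if parent not in EXPECTED_DISM_PARENTS:
                findings.append({"rule": "dism_unexpected_parent", "pid": ev["pid"],
                                 "parent": parent, "severity": "high"})
        elif ev["eid"] == 3:
            host = ev["dest_host"].lower()
            cloud = host in CLOUD_C2_HOSTS or host.endswith(".zoho.com")
            findings.append({"rule": "dism_network_connection", "pid": ev["pid"],
                             "dest_host": host,
                             "severity": "critical" if cloud else "medium"})
    return findings


def correlate(findings: List[Dict]) -> Set[int]:
    """PIDs that triggered both rules: the hollowing-plus-C2 pattern."""
    by_rule: Dict[str, Set[int]] = {}
    for f in findings:
        by_rule.setdefault(f["rule"], set()).add(f["pid"])
    return by_rule.get("dism_unexpected_parent", set()) & \
        by_rule.get("dism_network_connection", set())


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for h in hits:
        print(h)
    print("likely hollowed dism.exe with cloud C2:", correlate(hits))
```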
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 13.84
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 18.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1055.012 - Process Hollowing
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 22.19
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1518.002 - Backup Software Discovery
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1555.004 - Windows Credential Manager
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
Score: 7.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.013 - Encrypted/Encoded File
- T1552.001 - Credentials In Files
- T1078 - Valid Accounts
Score: 16.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1552.001 - Credentials In Files
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 4.75
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
Score: 36.70
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1007 - System Service Discovery
- T1070.007 - Clear Network Connection History and Configurations
- T1190 - Exploit Public-Facing Application
- T1010 - Application Window Discovery
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1654 - Log Enumeration
- T1591 - Gather Victim Org Information
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1596.005 - Scan Databases
Score: 7.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1007 - System Service Discovery
- T1059.003 - Windows Command Shell
- T1550.002 - Pass the Hash
Score: 36.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1505.003 - Web Shell
- T1176.002 - IDE Extensions
- T1218.005 - Mshta
- T1654 - Log Enumeration
- T1052.001 - Exfiltration over USB
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 12.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 23.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1071.004 - DNS
- T1007 - System Service Discovery
- T1078 - Valid Accounts
- T1110.004 - Credential Stuffing
- T1059.003 - Windows Command Shell
- T1556.001 - Domain Controller Authentication
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
Score: 18.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1608.003 - Install Digital Certificate
- T1027.004 - Compile After Delivery
Score: 15.80
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 8.55
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.001 - Malware
- T1552.001 - Credentials In Files
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 17.04
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1583.005 - Botnet
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1654 - Log Enumeration
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 11.71
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 17.37
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
Score: 33.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1071.004 - DNS
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1595.003 - Wordlist Scanning
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
- T1596.005 - Scan Databases
- T1008 - Fallback Channels
Score: 20.72
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1190 - Exploit Public-Facing Application
- T1218.003 - CMSTP
- T1552.001 - Credentials In Files
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1059.003 - Windows Command Shell
Score: 31.80
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1591 - Gather Victim Org Information
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1498 - Network Denial of Service
- T1550.002 - Pass the Hash
- T1137.002 - Office Test
Score: 19.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1562.001 - Disable or Modify Tools
- T1584.006 - Web Services
- T1059.003 - Windows Command Shell
- T1555.004 - Windows Credential Manager
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 17.69
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1007 - System Service Discovery
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1053.002 - At
Score: 26.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1587.001 - Malware
- T1070.007 - Clear Network Connection History and Configurations
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1008 - Fallback Channels
Score: 46.61
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1560.003 - Archive via Custom Method
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1552.001 - Credentials In Files
- T1218.005 - Mshta
- T1591 - Gather Victim Org Information
- T1562.001 - Disable or Modify Tools
- T1055.012 - Process Hollowing
- T1593.001 - Social Media
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1070.004 - File Deletion
- T1550.002 - Pass the Hash
Score: 13.95
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.008 - Accessibility Features
- T1552.001 - Credentials In Files
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 9.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 20.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1071.004 - DNS
- T1587.001 - Malware
- T1583.005 - Botnet
- T1007 - System Service Discovery
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 10.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1134 - Access Token Manipulation
- T1018 - Remote System Discovery
Score: 22.80
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1552.001 - Credentials In Files
- T1134.003 - Make and Impersonate Token
- T1059.003 - Windows Command Shell
- T1550.002 - Pass the Hash
Score: 16.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1218.005 - Mshta
- T1584.006 - Web Services
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 32.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1589 - Gather Victim Identity Information
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1573 - Encrypted Channel
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 14.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1007 - System Service Discovery
- T1654 - Log Enumeration
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1550.002 - Pass the Hash
Score: 10.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 13.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1558 - Steal or Forge Kerberos Tickets
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1018 - Remote System Discovery
Score: 13.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 27.73
Matched TTPs:
- T1113 - Screen Capture
- T1003.002 - Security Account Manager
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1598.002 - Spearphishing Attachment
- T1078 - Valid Accounts
- T1187 - Forced Authentication
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 20.87
Matched TTPs:
- T1113 - Screen Capture
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1491.001 - Internal Defacement
- T1562.001 - Disable or Modify Tools
- T1095 - Non-Application Layer Protocol
- T1027.004 - Compile After Delivery
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 41.86
Matched TTPs:
- T1113 - Screen Capture
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1556.002 - Password Filter DLL
- T1608.001 - Upload Malware
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1552.001 - Credentials In Files
- T1078 - Valid Accounts
- T1137.004 - Outlook Home Page
- T1059.003 - Windows Command Shell
- T1555.004 - Windows Credential Manager
- T1070.004 - File Deletion
- T1008 - Fallback Channels
- T1566.003 - Spearphishing via Service
Score: 3.76
Matched TTPs:
- T1113 - Screen Capture
- T1190 - Exploit Public-Facing Application
Score: 8.39
Matched TTPs:
- T1113 - Screen Capture
- T1608.001 - Upload Malware
- T1070.008 - Clear Mailbox Data
Score: 10.10
Matched TTPs:
- T1113 - Screen Capture
- T1190 - Exploit Public-Facing Application
- T1584.006 - Web Services
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
Score: 7.59
Matched TTPs:
- T1113 - Screen Capture
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 5.26
Matched TTPs:
- T1113 - Screen Capture
- T1027.013 - Encrypted/Encoded File
- T1070.004 - File Deletion
Score: 9.12
Matched TTPs:
- T1113 - Screen Capture
- T1027.013 - Encrypted/Encoded File
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 30.54
Matched TTPs:
- T1113 - Screen Capture
- T1071.004 - DNS
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1591 - Gather Victim Org Information
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1008 - Fallback Channels
Score: 3.93
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1218.005 - Mshta
Score: 3.36
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1189 - Drive-by Compromise
Score: 4.31
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1059.003 - Windows Command Shell
- T1189 - Drive-by Compromise
Score: 3.36
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1189 - Drive-by Compromise
Score: 11.94
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1053.002 - At
Score: 8.02
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1189 - Drive-by Compromise
Score: 10.01
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
Score: 39.07
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1560.003 - Archive via Custom Method
- T1587.001 - Malware
- T1010 - Application Window Discovery
- T1562.004 - Disable or Modify System Firewall
- T1218.005 - Mshta
- T1491.001 - Internal Defacement
- T1591 - Gather Victim Org Information
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1008 - Fallback Channels
- T1566.003 - Spearphishing via Service
Score: 6.32
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
Score: 9.85
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1573 - Encrypted Channel
- T1095 - Non-Application Layer Protocol
Score: 11.18
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
Score: 3.36
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1189 - Drive-by Compromise
Score: 23.46
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1003.002 - Security Account Manager
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1055.012 - Process Hollowing
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1053.002 - At
Score: 10.86
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1055.012 - Process Hollowing
Score: 10.34
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1566.003 - Spearphishing via Service
Score: 7.86
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1190 - Exploit Public-Facing Application
- T1059.003 - Windows Command Shell
- T1134 - Access Token Manipulation
Score: 16.19
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1071.004 - DNS
- T1505.003 - Web Shell
- T1052.001 - Exfiltration over USB
- T1573 - Encrypted Channel
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 26.56
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1562.001 - Disable or Modify Tools
- T1593.001 - Social Media
- T1543.001 - Launch Agent
- T1059.003 - Windows Command Shell
- T1219.002 - Remote Desktop Software
- T1070.004 - File Deletion
- T1566.003 - Spearphishing via Service
Score: 9.27
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
Score: 21.31
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1608.001 - Upload Malware
- T1562.004 - Disable or Modify System Firewall
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1595.001 - Scanning IP Blocks
Score: 6.60
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 3.39
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1562.001 - Disable or Modify Tools
Score: 24.73
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1505.003 - Web Shell
- T1218.005 - Mshta
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
Score: 16.27
Matched TTPs:
- T1027.013 - Encrypted/Encoded File
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1591 - Gather Victim Org Information
- T1486 - Data Encrypted for Impact
- T1566.003 - Spearphishing via Service
Score: 19.28
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1095 - Non-Application Layer Protocol
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1134 - Access Token Manipulation
- T1018 - Remote System Discovery
- T1566.003 - Spearphishing via Service
Score: 8.28
Matched TTPs:
- T1583.008 - Malvertising
- T1608.001 - Upload Malware
- T1189 - Drive-by Compromise
Score: 7.64
Matched TTPs:
- T1003.002 - Security Account Manager
- T1036.003 - Rename Legitimate Utilities
- T1189 - Drive-by Compromise
Score: 36.11
Matched TTPs:
- T1003.002 - Security Account Manager
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1649 - Steal or Forge Authentication Certificates
- T1218.005 - Mshta
- T1078 - Valid Accounts
- T1573 - Encrypted Channel
- T1027.006 - HTML Smuggling
- T1070.004 - File Deletion
- T1651 - Cloud Administration Command
- T1566.003 - Spearphishing via Service
Score: 28.80
Matched TTPs:
- T1003.002 - Security Account Manager
- T1071.004 - DNS
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1552.001 - Credentials In Files
- T1654 - Log Enumeration
- T1562.001 - Disable or Modify Tools
- T1095 - Non-Application Layer Protocol
- T1070.004 - File Deletion
- T1595.001 - Scanning IP Blocks
- T1018 - Remote System Discovery
- T1550.002 - Pass the Hash
Score: 20.87
Matched TTPs:
- T1583.002 - DNS Server
- T1190 - Exploit Public-Facing Application
- T1546.008 - Accessibility Features
- T1078 - Valid Accounts
- T1553 - Subvert Trust Controls
- T1189 - Drive-by Compromise
- T1001.002 - Steganography
Score: 14.13
Matched TTPs:
- T1583.002 - DNS Server
- T1608.001 - Upload Malware
- T1010 - Application Window Discovery
- T1589 - Gather Victim Identity Information
- T1018 - Remote System Discovery
Score: 8.01
Matched TTPs:
- T1071.004 - DNS
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1059.003 - Windows Command Shell
Score: 9.21
Matched TTPs:
- T1071.004 - DNS
- T1218.003 - CMSTP
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 15.20
Matched TTPs:
- T1587.001 - Malware
- T1007 - System Service Discovery
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Score: 7.91
Matched TTPs:
- T1587.001 - Malware
- T1608.001 - Upload Malware
- T1608.005 - Link Target
Score: 20.99
Matched TTPs:
- T1587.001 - Malware
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1499 - Endpoint Denial of Service
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 5.91
Matched TTPs:
- T1587.001 - Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
Score: 34.88
Matched TTPs:
- T1484.002 - Trust Modification
- T1598.003 - Spearphishing Link
- T1070.008 - Clear Mailbox Data
- T1589 - Gather Victim Identity Information
- T1598.004 - Spearphishing Voice
- T1552.001 - Credentials In Files
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1219.002 - Remote Desktop Software
- T1018 - Remote System Discovery
- T1538 - Cloud Service Dashboard
Score: 10.87
Matched TTPs:
- T1484.002 - Trust Modification
- T1190 - Exploit Public-Facing Application
- T1486 - Data Encrypted for Impact
- T1219.002 - Remote Desktop Software
Score: 7.73
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1078 - Valid Accounts
Score: 3.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1059.003 - Windows Command Shell
Score: 12.41
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.001 - Upload Malware
- T1589 - Gather Victim Identity Information
- T1598.002 - Spearphishing Attachment
- T1078 - Valid Accounts
Score: 12.13
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1505.003 - Web Shell
- T1584.006 - Web Services
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Score: 9.71
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.012 - Process Hollowing
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
Score: 3.48
Matched TTPs:
- T1007 - System Service Discovery
- T1059.003 - Windows Command Shell
Score: 8.26
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1564.005 - Hidden File System
Score: 7.94
Matched TTPs:
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.002 - Spearphishing Attachment
Score: 28.12
Matched TTPs:
- T1608.001 - Upload Malware
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1491.001 - Internal Defacement
- T1134.003 - Make and Impersonate Token
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1055.012 - Process Hollowing
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 8.34
Matched TTPs:
- T1608.001 - Upload Malware
- T1593.001 - Social Media
- T1566.003 - Spearphishing via Service
Score: 12.15
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 5.90
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1095 - Non-Application Layer Protocol
Score: 19.55
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1562.001 - Disable or Modify Tools
- T1078 - Valid Accounts
- T1486 - Data Encrypted for Impact
- T1059.003 - Windows Command Shell
- T1650 - Acquire Access
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 3.85
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
Score: 7.37
Matched TTPs:
- T1190 - Exploit Public-Facing Application
- T1505.003 - Web Shell
- T1595.003 - Wordlist Scanning
Score: 8.49
Matched TTPs:
- T1589 - Gather Victim Identity Information
- T1598.004 - Spearphishing Voice
- T1078 - Valid Accounts
Score: 3.77
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1078 - Valid Accounts
Score: 17.97
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1505.003 - Web Shell
- T1218.005 - Mshta
- T1562.001 - Disable or Modify Tools
- T1486 - Data Encrypted for Impact
- T1036.003 - Rename Legitimate Utilities
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
- T1189 - Drive-by Compromise
Score: 4.14
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1562.001 - Disable or Modify Tools
Score: 6.59
Matched TTPs:
- T1505.003 - Web Shell
- T1546.008 - Accessibility Features
- T1018 - Remote System Discovery
Score: 8.67
Matched TTPs:
- T1542.002 - Component Firmware
- T1564.005 - Hidden File System
Score: 5.83
Matched TTPs:
- T1552.001 - Credentials In Files
- T1189 - Drive-by Compromise
- T1018 - Remote System Discovery
Score: 3.30
Matched TTPs:
- T1218.005 - Mshta
- T1059.003 - Windows Command Shell
Score: 5.90
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1055.012 - Process Hollowing
- T1059.003 - Windows Command Shell
Score: 3.76
Matched TTPs:
- T1078 - Valid Accounts
- T1059.003 - Windows Command Shell
- T1070.004 - File Deletion
Score: 4.35
Matched TTPs:
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1018 - Remote System Discovery
Score: 4.13
Matched TTPs:
- T1187 - Forced Authentication
Score: 4.43
Matched TTPs:
- T1095 - Non-Application Layer Protocol
- T1189 - Drive-by Compromise
Score: 3.62
Matched TTPs:
- T1555.004 - Windows Credential Manager
Score: 4.31
Matched TTPs:
- T1219.002 - Remote Desktop Software
- T1070.004 - File Deletion
Score: 4.69
Matched TTPs:
- T1219.002 - Remote Desktop Software
- T1189 - Drive-by Compromise
Score: 4.29
Matched TTPs:
- T1189 - Drive-by Compromise
- T1566.003 - Spearphishing via Service
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1552.001 - Credentials In Files
- T1007 - System Service Discovery
- T1593.001 - Social Media
- T1587.001 - Malware
- T1560.003 - Archive via Custom Method
- T1055.012 - Process Hollowing
- T1059.003 - Windows Command Shell
- T1608.001 - Upload Malware
- T1218.005 - Mshta
- T1598.003 - Spearphishing Link
- T1190 - Exploit Public-Facing Application
- T1562.001 - Disable or Modify Tools
- T1562.004 - Disable or Modify System Firewall
- T1113 - Screen Capture
- T1560.001 - Archive via Utility
- T1070.004 - File Deletion
- T1591 - Gather Victim Org Information
- T1550.002 - Pass the Hash
- T1219.002 - Remote Desktop Software
- T1505.003 - Web Shell
Score: 0.63
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1552.001 - Credentials In Files
- T1027.013 - Encrypted/Encoded File
- T1007 - System Service Discovery
- T1137.004 - Outlook Home Page
- T1113 - Screen Capture
- T1566.003 - Spearphishing via Service
- T1071.004 - DNS
- T1587.001 - Malware
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1555.004 - Windows Credential Manager
- T1505.003 - Web Shell
- T1556.002 - Password Filter DLL
- T1059.003 - Windows Command Shell
- T1008 - Fallback Channels
- T1608.001 - Upload Malware
Score: 0.59
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1027.013 - Encrypted/Encoded File
- T1036.003 - Rename Legitimate Utilities
- T1218.005 - Mshta
- T1566.003 - Spearphishing via Service
- T1491.001 - Internal Defacement
- T1587.001 - Malware
- T1591 - Gather Victim Org Information
- T1078 - Valid Accounts
- T1070.004 - File Deletion
- T1560.003 - Archive via Custom Method
- T1189 - Drive-by Compromise
- T1010 - Application Window Discovery
- T1059.003 - Windows Command Shell
- T1562.001 - Disable or Modify Tools
- T1008 - Fallback Channels
Score: 0.56
Matched TTPs:
- T1176.002 - IDE Extensions
- T1218.005 - Mshta
- T1598.003 - Spearphishing Link
- T1560.001 - Archive via Utility
- T1654 - Log Enumeration
- T1587.001 - Malware
- T1052.001 - Exfiltration over USB
- T1070.004 - File Deletion
- T1560.003 - Archive via Custom Method
- T1505.003 - Web Shell
- T1219.002 - Remote Desktop Software
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
- T1608.001 - Upload Malware
- T1095 - Non-Application Layer Protocol
Score: 0.55
Matched TTPs:
- T1589 - Gather Victim Identity Information
- T1007 - System Service Discovery
- T1113 - Screen Capture
- T1010 - Application Window Discovery
- T1560.001 - Archive via Utility
- T1654 - Log Enumeration
- T1070.004 - File Deletion
- T1591 - Gather Victim Org Information
- T1070.007 - Clear Network Connection History and Configurations
- T1078 - Valid Accounts
- T1596.005 - Scan Databases
- T1505.003 - Web Shell
- T1190 - Exploit Public-Facing Application
- T1059.003 - Windows Command Shell
- T1018 - Remote System Discovery
Related CVEs
No CVEs were found in this Pulse.