Dissecting macOS intrusion from lure to compromise
Summary
Microsoft Threat Intelligence uncovered a macOS-focused campaign by the North Korean threat actor Sapphire Sleet that uses social engineering to compromise systems. The attack chain begins with a malicious AppleScript file disguised as a Zoom SDK update, which executes cascading payloads through curl-to-osascript chains. The campaign deploys multiple backdoors, including com.apple.cli, services, icloudz, and com.google.chromes.updaters, for persistence and command execution. Credentials are harvested through fake system dialogs that mimic legitimate macOS password prompts. The threat actor bypasses Transparency, Consent, and Control (TCC) protections by directly manipulating the TCC database, enabling extensive data exfiltration targeting cryptocurrency wallets, browser credentials, Telegram sessions, SSH keys, and Apple Notes. Operations focus on cryptocurrency, finance, and blockchain organizations, with the primary objective of stealing digital assets.
Created: 2026-04-17
Indicators
Similar Pulses
No similar pulses were found.
Related CVEs
No CVEs were found in this Pulse.