Mach-O Man Malware: What CISOs Need to Know
概要
Lazarus Group is conducting an active campaign targeting businesses through ClickFix attacks, distributing a newly identified macOS malware kit called "Mach-O Man". The attack begins with fake meeting invitations via Telegram, redirecting victims to fraudulent collaboration platforms impersonating Zoom, Microsoft Teams, or Google Meet. Victims are tricked into executing terminal commands that install the malware. The kit consists of Go-based Mach-O binaries including a stager, profiler, persistence mechanism, and stealer. The malware collects credentials, browser data, and macOS Keychain entries, exfiltrating data through Telegram. Primary targets include fintech, crypto, and high-value environments where macOS is prevalent. The campaign leverages social engineering and native macOS binaries to evade traditional EDR detection, ultimately enabling account takeover, unauthorized infrastructure access, and financial loss.
Created: 2026-05-22
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 28.90
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.68
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1543.003 - Windows Service
- T1530 - Data from Cloud Storage
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.00
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 12.93
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.13
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 26.76
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1543.003 - Windows Service
- T1106 - Native API
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
MITREへのリンク →
Score: 15.42
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 26.83
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.36
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.49
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1543.003 - Windows Service
- T1051 - Shared Webroot
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.40
Matched TTPs:
- T1161 - LC_LOAD_DYLIB Addition
- T1099 - Timestomp
- T1547.013 - XDG Autostart Entries
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 27.48
Matched TTPs:
- T1056.001 - Keylogging
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1684 - Social Engineering
- T1131 - Authentication Package
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 20.73
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1055.004 - Asynchronous Procedure Call
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 5.63
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 12.09
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1090 - Proxy
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.97
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
MITREへのリンク →
Score: 10.14
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1090 - Proxy
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 13.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1684 - Social Engineering
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 31.83
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1586.003 - Cloud Accounts
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 21.71
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 13.54
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 19.94
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1684 - Social Engineering
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 60.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1608 - Stage Capabilities
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
- T1003.003 - NTDS
MITREへのリンク →
Score: 17.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1574.008 - Path Interception by Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.20
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 32.06
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1608 - Stage Capabilities
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
MITREへのリンク →
Score: 7.13
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 32.31
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1106 - Native API
- T1586.003 - Cloud Accounts
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 20.22
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 26.91
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 26.27
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1090 - Proxy
- T1608 - Stage Capabilities
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.74
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.48
Matched TTPs:
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 17.43
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 32.81
Matched TTPs:
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1556.002 - Password Filter DLL
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
- T1065 - Uncommonly Used Port
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.17
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.76
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.21
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.85
Matched TTPs:
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.82
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.45
Matched TTPs:
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.39
Matched TTPs:
- T1584.008 - Network Devices
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 33.16
Matched TTPs:
- T1584.008 - Network Devices
- T1106 - Native API
- T1684 - Social Engineering
- T1562.004 - Disable or Modify System Firewall
- T1574.008 - Path Interception by Search Order Hijacking
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1048 - Exfiltration Over Alternative Protocol
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1564.003 - Hidden Window
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.82
Matched TTPs:
- T1584.008 - Network Devices
- T1106 - Native API
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 16.25
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1106 - Native API
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 14.60
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1678 - Delay Execution
- T1574.009 - Path Interception by Unquoted Path
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 16.84
Matched TTPs:
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1684 - Social Engineering
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.08
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1656 - Impersonation
- T1003.003 - NTDS
MITREへのリンク →
Score: 37.13
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 20.31
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1574.008 - Path Interception by Search Order Hijacking
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 23.48
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.66
Matched TTPs:
- T1543.003 - Windows Service
- T1574.009 - Path Interception by Unquoted Path
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.79
Matched TTPs:
- T1543.003 - Windows Service
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.51
Matched TTPs:
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.51
Matched TTPs:
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 9.52
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.10
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
MITREへのリンク →
Score: 13.96
Matched TTPs:
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1048 - Exfiltration Over Alternative Protocol
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.97
Matched TTPs:
- T1543.003 - Windows Service
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 13.22
Matched TTPs:
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 13.55
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.31
Matched TTPs:
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1497.001 - System Checks
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 28.10
Matched TTPs:
- T1497.001 - System Checks
- T1003.007 - Proc Filesystem
- T1106 - Native API
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1142 - Keychain
- T1597 - Search Closed Sources
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.47
Matched TTPs:
- T1497.001 - System Checks
- T1110.003 - Password Spraying
MITREへのリンク →
Score: 8.54
Matched TTPs:
- T1497.001 - System Checks
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.59
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1106 - Native API
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 11.44
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1574 - Hijack Execution Flow
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
MITREへのリンク →
Score: 12.12
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.10
Matched TTPs:
- T1106 - Native API
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.68
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 30.09
Matched TTPs:
- T1586.003 - Cloud Accounts
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1585 - Establish Accounts
- T1547.013 - XDG Autostart Entries
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 15.13
Matched TTPs:
- T1586.003 - Cloud Accounts
- T1684 - Social Engineering
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
MITREへのリンク →
Score: 23.14
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.36
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 5.58
Matched TTPs:
- T1684 - Social Engineering
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1684 - Social Engineering
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 3.24
Matched TTPs:
- T1684 - Social Engineering
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.68
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
MITREへのリンク →
Score: 3.37
Matched TTPs:
- T1562.004 - Disable or Modify System Firewall
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.74
Matched TTPs:
- T1574.008 - Path Interception by Search Order Hijacking
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.86
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 11.89
Matched TTPs:
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1656 - Impersonation
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.27
Matched TTPs:
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.01
Matched TTPs:
- T1142 - Keychain
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1601.001 - Patch System Image
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.44
Matched TTPs:
- T1048 - Exfiltration Over Alternative Protocol
MITREへのリンク →
Score: 5.49
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1159 - Launch Agent
MITREへのリンク →
Score: 3.52
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.66
Matched TTPs:
- T1584.002 - DNS Server
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1213.003 - Code Repositories
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1131 - Authentication Package
- T1690 - Prevent Command History Logging
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1003.007 - Proc Filesystem
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1197 - BITS Jobs
- T1546.008 - Accessibility Features
- T1608 - Stage Capabilities
- T1609 - Container Administration Command
- T1027.004 - Compile After Delivery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1543.003 - Windows Service
- T1656 - Impersonation
- T1003.003 - NTDS
- T1213.006 - Databases
- T1547.013 - XDG Autostart Entries
- T1027.014 - Polymorphic Code
- T1684 - Social Engineering
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design