Same packet, different magic: Hits India's banking sector and Korea geopolitics
Summary
A new variant of the LOTUSLITE backdoor, version 1.1, has been identified targeting India's banking sector and South Korean diplomatic circles. The backdoor is delivered via DLL sideloading using legitimate Microsoft-signed executables and initially through CHM files containing malicious JavaScript. It communicates with dynamic DNS-based command-and-control servers over HTTPS, supporting remote shell access, file operations and session management. Code-level analysis reveals direct lineage to LOTUSLITE v1.0, including identical command structures, shared persistence mechanisms, and residual exports from the original codebase. The campaign demonstrates incremental improvements including updated magic values, API resolution techniques, and delivery mechanisms evolving from CHM-based to JavaScript loaders to DLL sideloading. Infrastructure hosted under Dynu Systems shows continuity with previous operations.
Created: 2026-05-22
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 7.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
Score: 13.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
Score: 13.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
Score: 6.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
Score: 7.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1051 - Shared Webroot
Score: 29.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1556.002 - Password Filter DLL
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1584.002 - DNS Server
- T1665 - Hide Infrastructure
Score: 12.68
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
Score: 30.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1055.005 - Thread Local Storage
Score: 8.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
Score: 11.70
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1665 - Hide Infrastructure
Score: 10.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1098.007 - Additional Local or Domain Groups
Score: 6.68
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Score: 19.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
Score: 4.19
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
Score: 5.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1597 - Search Closed Sources
Score: 8.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
Score: 19.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
Score: 20.59
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 22.57
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1139 - Bash History
- T1131 - Authentication Package
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
Score: 26.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
Score: 12.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 20.18
Matched TTPs:
- T1560.001 - Archive via Utility
- T1556.002 - Password Filter DLL
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 61.25
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
Score: 11.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1051 - Shared Webroot
Score: 9.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
Score: 16.00
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
Score: 5.81
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
Score: 17.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
Score: 17.05
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
Score: 30.34
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Score: 5.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
Score: 9.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 9.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1601 - Modify System Image
- T1027 - Obfuscated Files or Information
Score: 6.77
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1665 - Hide Infrastructure
Score: 39.83
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1126 - Network Share Connection Removal
Score: 38.12
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
Score: 4.13
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
Score: 22.18
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1592.004 - Client Configurations
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Score: 5.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 10.14
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
Score: 6.73
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1090 - Proxy
Score: 13.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1218.001 - Compiled HTML File
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
Score: 5.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Score: 17.62
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 12.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Score: 16.14
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1128 - Netsh Helper DLL
Score: 6.28
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1665 - Hide Infrastructure
Score: 13.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 9.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
Score: 4.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Score: 10.95
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
Score: 32.49
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
Score: 21.73
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Score: 10.82
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
Score: 14.39
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
Score: 13.15
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1590.006 - Network Security Appliances
- T1574.009 - Path Interception by Unquoted Path
Score: 13.44
Matched TTPs:
- T1584.008 - Network Devices
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1003.003 - NTDS
Score: 20.53
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
Score: 23.76
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Score: 14.82
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
Score: 15.00
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
Score: 13.12
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
Score: 3.99
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
Score: 11.32
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
Score: 8.02
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1128 - Netsh Helper DLL
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Score: 10.78
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
Score: 6.66
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
Score: 28.07
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
Score: 7.65
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
Score: 7.24
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Score: 21.61
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
Score: 14.90
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1126 - Network Share Connection Removal
Score: 7.43
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
Score: 19.13
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
Score: 14.35
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1601 - Modify System Image
Score: 8.88
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Score: 3.81
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
Score: 9.28
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
Score: 12.08
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Score: 4.22
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1027.014 - Polymorphic Code
Score: 5.60
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1584.002 - DNS Server
Score: 14.47
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1136.003 - Cloud Account
- T1128 - Netsh Helper DLL
- T1665 - Hide Infrastructure
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Score: 4.85
Matched TTPs:
- T1608.005 - Link Target
- T1665 - Hide Infrastructure
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
Score: 3.44
Matched TTPs:
- T1574.009 - Path Interception by Unquoted Path
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1213.006 - Databases
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
- T1126 - Network Share Connection Removal
- T1546.013 - PowerShell Profile
- T1131 - Authentication Package
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1051 - Shared Webroot
- T1546.011 - Application Shimming
- T1565.002 - Transmitted Data Manipulation
- T1609 - Container Administration Command
- T1690 - Prevent Command History Logging
- T1027.014 - Polymorphic Code
- T1197 - BITS Jobs
- T1003.003 - NTDS
- T1003.007 - Proc Filesystem
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
Related CVEs
No CVEs were found for this Pulse.