Dissecting FudCrypt: A Real-World Malware Crypting Service Analysis
Summary
FudCrypt is a Cryptor-as-a-Service platform offering subscription-based malware obfuscation for $800 to $2,000 monthly. The service wraps customer payloads in multi-stage deployment packages featuring DLL sideloading, AMSI and ETW interference, silent UAC elevation via CMSTPLUA, and Windows Defender tampering through Group Policy. Analysis of recovered server infrastructure revealed 200 registered users, 334 builds, and comprehensive fleet C2 command history across 32 enrolled agents. The operator maintains a separate signing infrastructure using four Azure Trusted Signing accounts to sign operator-controlled binaries including fleet agents, native loaders, and ScreenConnect installers. The platform employs 20 undocumented DLL sideload carrier profiles, per-build polymorphic encryption with layered XOR-32, RC4-16, and custom S-box transforms, and an advanced development branch featuring indirect syscalls, module stomping, fiber-based execution, and Ekko sleep obfuscation. Server infrastructure included exp...
Created: 2026-05-22
Related CVEs
No CVEs were found in this pulse.