Malicious Artifacts Found in Official KICS Docker Repository and Code Extensions
概要
Docker and Socket uncovered a supply chain compromise affecting Checkmarx KICS distribution channels. Attackers poisoned official Docker Hub images (tags v2.1.20, v2.1.21, alpine) and VS Code extensions (versions 1.17.0, 1.19.0), introducing unauthorized data exfiltration capabilities. The trojanized KICS binary collects and encrypts scan reports containing credentials from infrastructure-as-code files, transmitting them to external endpoints. Compromised VS Code extensions download mcpAddon.js via Bun runtime, harvesting GitHub tokens, AWS credentials, Azure tokens, npm configurations, and SSH keys. The malware creates public GitHub repositories for staging stolen data, injects malicious GitHub Actions workflows to capture repository secrets, and uses stolen npm credentials to identify writable packages for propagation. TeamPCP appears to claim responsibility for this multi-stage attack designed to steal developer credentials and propagate through CI/CD pipelines.
Created: 2026-05-22
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 21.31
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1547.011 - Plist Modification
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1668 - Exclusive Control
MITREへのリンク →
Score: 30.76
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 24.60
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 22.96
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1668 - Exclusive Control
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 15.22
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.73
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1090 - Proxy
MITREへのリンク →
Score: 14.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 18.51
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.001 - Compiled HTML File
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.74
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 31.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.24
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 20.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1560.003 - Archive via Custom Method
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 17.67
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
MITREへのリンク →
Score: 14.75
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 3.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 52.07
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1668 - Exclusive Control
- T1526 - Cloud Service Discovery
- T1008 - Fallback Channels
MITREへのリンク →
Score: 12.93
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
MITREへのリンク →
Score: 9.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1051 - Shared Webroot
MITREへのリンク →
Score: 38.59
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1677 - Poisoned Pipeline Execution
- T1055.004 - Asynchronous Procedure Call
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1056 - Input Capture
- T1565.002 - Transmitted Data Manipulation
- T1526 - Cloud Service Discovery
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 5.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 22.25
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 11.77
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1056 - Input Capture
MITREへのリンク →
Score: 19.72
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 8.81
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 5.95
Matched TTPs:
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 21.23
Matched TTPs:
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1668 - Exclusive Control
MITREへのリンク →
Score: 6.23
Matched TTPs:
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1056 - Input Capture
MITREへのリンク →
Score: 20.83
Matched TTPs:
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
MITREへのリンク →
Score: 13.73
Matched TTPs:
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1526 - Cloud Service Discovery
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 34.90
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1578.003 - Delete Cloud Instance
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1564.003 - Hidden Window
- T1668 - Exclusive Control
- T1008 - Fallback Channels
MITREへのリンク →
Score: 36.76
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 15.04
Matched TTPs:
- T1560.003 - Archive via Custom Method
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
MITREへのリンク →
Score: 11.29
Matched TTPs:
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
MITREへのリンク →
Score: 16.73
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.17
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.39
Matched TTPs:
- T1584.008 - Network Devices
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 15.93
Matched TTPs:
- T1584.008 - Network Devices
- T1180 - Screensaver
- T1578.003 - Delete Cloud Instance
- T1677 - Poisoned Pipeline Execution
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 13.91
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 15.92
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1056 - Input Capture
- T1574.009 - Path Interception by Unquoted Path
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 26.56
Matched TTPs:
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1567.001 - Exfiltration to Code Repository
- T1597 - Search Closed Sources
- T1056 - Input Capture
- T1668 - Exclusive Control
- T1526 - Cloud Service Discovery
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 16.81
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1056 - Input Capture
- T1668 - Exclusive Control
MITREへのリンク →
Score: 15.25
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1574 - Hijack Execution Flow
- T1056 - Input Capture
- T1668 - Exclusive Control
MITREへのリンク →
Score: 23.32
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1526 - Cloud Service Discovery
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.17
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 16.11
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 18.70
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1056 - Input Capture
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 25.50
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.76
Matched TTPs:
- T1063 - Security Software Discovery
- T1497.001 - System Checks
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 20.67
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
- T1056 - Input Capture
MITREへのリンク →
Score: 19.63
Matched TTPs:
- T1180 - Screensaver
- T1497.001 - System Checks
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1008 - Fallback Channels
MITREへのリンク →
Score: 22.65
Matched TTPs:
- T1180 - Screensaver
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
MITREへのリンク →
Score: 18.85
Matched TTPs:
- T1497.001 - System Checks
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 12.55
Matched TTPs:
- T1497.001 - System Checks
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.69
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1056 - Input Capture
MITREへのリンク →
Score: 11.32
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 11.64
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1677 - Poisoned Pipeline Execution
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 9.75
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
MITREへのリンク →
Score: 10.78
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
MITREへのリンク →
Score: 6.66
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 31.33
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1677 - Poisoned Pipeline Execution
- T1055.004 - Asynchronous Procedure Call
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.65
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
MITREへのリンク →
Score: 7.65
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
MITREへのリンク →
Score: 11.05
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
MITREへのリンク →
Score: 7.43
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 14.52
Matched TTPs:
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 6.09
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1056 - Input Capture
MITREへのリンク →
Score: 18.99
Matched TTPs:
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1090.002 - External Proxy
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.99
Matched TTPs:
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1056 - Input Capture
MITREへのリンク →
Score: 11.02
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 12.08
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 6.71
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 3.20
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 6.56
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1584.002 - DNS Server
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 8.15
Matched TTPs:
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
MITREへのリンク →
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.49
Matched TTPs:
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 11.80
Matched TTPs:
- T1051 - Shared Webroot
- T1567.001 - Exfiltration to Code Repository
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1055.002 - Portable Executable Injection
MITREへのリンク →
Score: 7.69
Matched TTPs:
- T1556.008 - Network Provider DLL
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 7.42
Matched TTPs:
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1008 - Fallback Channels
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 5.45
Matched TTPs:
- T1056 - Input Capture
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 4.35
Matched TTPs:
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.21
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1008 - Fallback Channels
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1008 - Fallback Channels
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1027.004 - Compile After Delivery
- T1008 - Fallback Channels
- T1546.008 - Accessibility Features
- T1009 - Binary Padding
- T1027.014 - Polymorphic Code
- T1526 - Cloud Service Discovery
- T1590.006 - Network Security Appliances
- T1565.002 - Transmitted Data Manipulation
- T1690 - Prevent Command History Logging
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1213.006 - Databases
- T1056 - Input Capture
- T1546.013 - PowerShell Profile
- T1197 - BITS Jobs
- T1597 - Search Closed Sources
- T1051 - Shared Webroot
- T1668 - Exclusive Control
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design