Pulse Detail-

Beyond PowerShell: Analyzing the Multi-Action ClickFix Variant

概要

This analysis documents a newly observed ClickFix variant that abuses native Windows utilities, specifically cmdkey and regsvr32, for payload delivery. Victims are socially engineered through fake CAPTCHA pages to execute a malicious command via the Windows Run dialog. The single command chains multiple actions: staging credentials using cmdkey, retrieving a remote DLL via regsvr32 from a UNC path, and executing it silently. The 64-bit DLL establishes persistence through a scheduled task pulled from a remote XML file hosted on attacker infrastructure. This approach avoids traditional malware drops and leverages exclusively trusted Windows components for high stealth. The variant demonstrates continued evolution of ClickFix techniques, moving beyond PowerShell to use command chaining with legitimate system tools.

Created: 2026-05-23

Indicators

FileHash-SHA256 - b2d9a99de44a7cd8faf396d0482268369d14a315edaf18a36fa273ffd5500108 -

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

APT3

Score: 13.01

Matched TTPs:

T1053.005 - Scheduled Task
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1055.004 - Asynchronous Procedure Call
T1051 - Shared Webroot
T1218.010 - Regsvr32

MITREへのリンク →

Cobalt Group

Score: 16.11

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1518.002 - Backup Software Discovery
T1598.004 - Spearphishing Voice
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

Silence

Score: 9.38

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1547.011 - Plist Modification
T1048 - Exfiltration Over Alternative Protocol

MITREへのリンク →

Chimera

Score: 5.79

Matched TTPs:

T1053.005 - Scheduled Task
T1055.004 - Asynchronous Procedure Call
T1665 - Hide Infrastructure

MITREへのリンク →

Patchwork

Score: 9.40

Matched TTPs:

T1053.005 - Scheduled Task
T1530 - Data from Cloud Storage
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

Daggerfly

Score: 7.66

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1530 - Data from Cloud Storage

MITREへのリンク →

FIN7

Score: 9.40

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1027 - Obfuscated Files or Information

MITREへのリンク →

TA2541

Score: 7.28

Matched TTPs:

T1053.005 - Scheduled Task
T1099 - Timestomp
T1098.007 - Additional Local or Domain Groups
T1597 - Search Closed Sources

MITREへのリンク →

GALLIUM

Score: 8.30

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1547.011 - Plist Modification
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Sandworm Team

Score: 26.04

Matched TTPs:

T1053.005 - Scheduled Task
T1484.002 - Trust Modification
T1686.003 - Windows Host Firewall
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1183 - Image File Execution Options Injection
T1546.008 - Accessibility Features
T1055.004 - Asynchronous Procedure Call
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32

MITREへのリンク →

BlackByte

Score: 11.83

Matched TTPs:

T1053.005 - Scheduled Task
T1009 - Binary Padding
T1134.001 - Token Impersonation/Theft
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

HEXANE

Score: 15.18

Matched TTPs:

T1053.005 - Scheduled Task
T1099 - Timestomp
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call
T1159 - Launch Agent

MITREへのリンク →

Mustang Panda

Score: 32.66

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1053.007 - Container Orchestration Job
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call
T1169 - Sudo
T1136.003 - Cloud Account
T1218.010 - Regsvr32
T1159 - Launch Agent
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

Magic Hound

Score: 25.57

Matched TTPs:

T1053.005 - Scheduled Task
T1099 - Timestomp
T1106 - Native API
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1547.005 - Security Support Provider
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN13

Score: 17.88

Matched TTPs:

T1053.005 - Scheduled Task
T1099 - Timestomp
T1584.008 - Network Devices
T1547.005 - Security Support Provider
T1055.004 - Asynchronous Procedure Call
T1051 - Shared Webroot
T1134.001 - Token Impersonation/Theft

MITREへのリンク →

ToddyCat

Score: 8.13

Matched TTPs:

T1053.005 - Scheduled Task
T1009 - Binary Padding
T1055.004 - Asynchronous Procedure Call
T1665 - Hide Infrastructure

MITREへのリンク →

Blue Mockingbird

Score: 3.97

Matched TTPs:

T1053.005 - Scheduled Task
T1027.014 - Polymorphic Code

MITREへのリンク →

Molerats

Score: 3.20

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile

MITREへのリンク →

Storm-0501

Score: 22.45

Matched TTPs:

T1053.005 - Scheduled Task
T1685.004 - Disable or Modify Linux Audit System Log
T1686.003 - Windows Host Firewall
T1574.008 - Path Interception by Search Order Hijacking
T1027 - Obfuscated Files or Information
T1027.014 - Polymorphic Code
T1158 - Hidden Files and Directories

MITREへのリンク →

APT29

Score: 37.33

Matched TTPs:

T1053.005 - Scheduled Task
T1222.002 - Linux and Mac Permissions
T1099 - Timestomp
T1584.008 - Network Devices
T1202 - Indirect Command Execution
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1592.004 - Client Configurations
T1568 - Dynamic Resolution
T1556.008 - Network Provider DLL
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery

MITREへのリンク →

APT39

Score: 10.16

Matched TTPs:

T1053.005 - Scheduled Task
T1547.011 - Plist Modification
T1599 - Network Boundary Bridging
T1027.004 - Compile After Delivery

MITREへのリンク →

FIN8

Score: 9.06

Matched TTPs:

T1053.005 - Scheduled Task
T1099 - Timestomp
T1027 - Obfuscated Files or Information
T1556 - Modify Authentication Process

MITREへのリンク →

Wizard Spider

Score: 10.65

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1183 - Image File Execution Options Injection
T1597 - Search Closed Sources
T1556 - Modify Authentication Process

MITREへのリンク →

Higaisa

Score: 7.52

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

APT41

Score: 22.76

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1106 - Native API
T1574.008 - Path Interception by Search Order Hijacking
T1177 - LSASS Driver
T1055.004 - Asynchronous Procedure Call
T1048 - Exfiltration Over Alternative Protocol
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32

MITREへのリンク →

Earth Lusca

Score: 12.63

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1110.003 - Password Spraying
T1055.004 - Asynchronous Procedure Call
T1027.004 - Compile After Delivery

MITREへのリンク →

Ember Bear

Score: 13.07

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1656 - Impersonation

MITREへのリンク →

Machete

Score: 3.56

Matched TTPs:

T1053.005 - Scheduled Task
T1027.004 - Compile After Delivery

MITREへのリンク →

APT42

Score: 8.87

Matched TTPs:

T1053.005 - Scheduled Task
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1599 - Network Boundary Bridging

MITREへのリンク →

RedCurl

Score: 12.99

Matched TTPs:

T1053.005 - Scheduled Task
T1016.002 - Wi-Fi Discovery
T1090 - Proxy
T1051 - Shared Webroot
T1027.004 - Compile After Delivery

MITREへのリンク →

Moonstone Sleet

Score: 7.37

Matched TTPs:

T1053.005 - Scheduled Task
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT32

Score: 20.21

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1592.004 - Client Configurations
T1055.004 - Asynchronous Procedure Call
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1556 - Modify Authentication Process

MITREへのリンク →

Fox Kitten

Score: 10.47

Matched TTPs:

T1053.005 - Scheduled Task
T1177 - LSASS Driver
T1051 - Shared Webroot
T1656 - Impersonation

MITREへのリンク →

APT33

Score: 11.61

Matched TTPs:

T1053.005 - Scheduled Task
T1117 - Regsvr32
T1051 - Shared Webroot
T1218.010 - Regsvr32
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 25.18

Matched TTPs:

T1053.005 - Scheduled Task
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1117 - Regsvr32
T1055.004 - Asynchronous Procedure Call
T1051 - Shared Webroot
T1048 - Exfiltration Over Alternative Protocol
T1218.010 - Regsvr32
T1592.002 - Software
T1556 - Modify Authentication Process

MITREへのリンク →

APT38

Score: 23.47

Matched TTPs:

T1053.005 - Scheduled Task
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1055.004 - Asynchronous Procedure Call
T1590 - Gather Victim Network Information
T1048 - Exfiltration Over Alternative Protocol
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1493 - Transmitted Data Manipulation

MITREへのリンク →

menuPass

Score: 16.69

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1527 - Application Access Token
T1106 - Native API
T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

FIN6

Score: 7.74

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1597 - Search Closed Sources
T1556 - Modify Authentication Process

MITREへのリンク →

Lazarus Group

Score: 32.42

Matched TTPs:

T1053.005 - Scheduled Task
T1106 - Native API
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1547.011 - Plist Modification
T1055.004 - Asynchronous Procedure Call
T1069.001 - Local Groups
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1665 - Hide Infrastructure
T1556 - Modify Authentication Process

MITREへのリンク →

BRONZE BUTLER

Score: 13.45

Matched TTPs:

T1053.005 - Scheduled Task
T1592.004 - Client Configurations
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery
T1159 - Launch Agent

MITREへのリンク →

Winter Vivern

Score: 8.00

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1090 - Proxy

MITREへのリンク →

Dragonfly

Score: 15.64

Matched TTPs:

T1053.005 - Scheduled Task
T1584.008 - Network Devices
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1531 - Account Access Removal
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery

MITREへのリンク →

MuddyWater

Score: 26.33

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1518.002 - Backup Software Discovery
T1547.011 - Plist Modification
T1117 - Regsvr32
T1055.004 - Asynchronous Procedure Call
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery
T1159 - Launch Agent

MITREへのリンク →

Gamaredon Group

Score: 18.55

Matched TTPs:

T1053.005 - Scheduled Task
T1099 - Timestomp
T1527 - Application Access Token
T1098.007 - Additional Local or Domain Groups
T1090 - Proxy
T1554 - Compromise Host Software Binary
T1597 - Search Closed Sources

MITREへのリンク →

Kimsuky

Score: 37.54

Matched TTPs:

T1053.005 - Scheduled Task
T1546.013 - PowerShell Profile
T1053.007 - Container Orchestration Job
T1213.006 - Databases
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1546.008 - Accessibility Features
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1027.014 - Polymorphic Code
T1027.004 - Compile After Delivery
T1656 - Impersonation
T1665 - Hide Infrastructure

MITREへのリンク →

BITTER

Score: 4.23

Matched TTPs:

T1053.005 - Scheduled Task
T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32

MITREへのリンク →

Confucius

Score: 5.55

Matched TTPs:

T1053.005 - Scheduled Task
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

APT37

Score: 5.06

Matched TTPs:

T1053.005 - Scheduled Task
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery

MITREへのリンク →

APT28

Score: 14.02

Matched TTPs:

T1222.002 - Linux and Mac Permissions
T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification
T1218.010 - Regsvr32
T1055.008 - Ptrace System Calls

MITREへのリンク →

Scattered Spider

Score: 23.22

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy
T1685.004 - Disable or Modify Linux Audit System Log
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1051 - Shared Webroot
T1556.008 - Network Provider DLL
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1666 - Modify Cloud Resource Hierarchy

MITREへのリンク →

Turla

Score: 10.59

Matched TTPs:

T1546.013 - PowerShell Profile
T1099 - Timestomp
T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Saint Bear

Score: 5.26

Matched TTPs:

T1546.013 - PowerShell Profile
T1597 - Search Closed Sources
T1218.010 - Regsvr32

MITREへのリンク →

Sidewinder

Score: 9.50

Matched TTPs:

T1546.013 - PowerShell Profile
T1090 - Proxy
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Contagious Interview

Score: 23.16

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1021.006 - Windows Remote Management
T1183 - Image File Execution Options Injection
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery
T1656 - Impersonation
T1556 - Modify Authentication Process

MITREへのリンク →

LazyScripter

Score: 3.49

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups

MITREへのリンク →

TA505

Score: 17.62

Matched TTPs:

T1546.013 - PowerShell Profile
T1527 - Application Access Token
T1098.007 - Additional Local or Domain Groups
T1016.002 - Wi-Fi Discovery
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Indrik Spider

Score: 14.54

Matched TTPs:

T1546.013 - PowerShell Profile
T1574.008 - Path Interception by Search Order Hijacking
T1183 - Image File Execution Options Injection
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Leafminer

Score: 8.12

Matched TTPs:

T1546.013 - PowerShell Profile
T1117 - Regsvr32
T1051 - Shared Webroot

MITREへのリンク →

Star Blizzard

Score: 8.71

Matched TTPs:

T1546.013 - PowerShell Profile
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection

MITREへのリンク →

Lotus Blossom

Score: 4.48

Matched TTPs:

T1099 - Timestomp
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

HAFNIUM

Score: 6.88

Matched TTPs:

T1099 - Timestomp
T1055.008 - Ptrace System Calls

MITREへのリンク →

Volt Typhoon

Score: 25.10

Matched TTPs:

T1099 - Timestomp
T1686.003 - Windows Host Firewall
T1556.002 - Password Filter DLL
T1547.005 - Security Support Provider
T1055.004 - Asynchronous Procedure Call
T1584.002 - DNS Server
T1159 - Launch Agent
T1665 - Hide Infrastructure

MITREへのリンク →

Ke3chang

Score: 12.15

Matched TTPs:

T1584.008 - Network Devices
T1198 - SIP and Trust Provider Hijacking
T1090 - Proxy
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Agrius

Score: 4.39

Matched TTPs:

T1584.008 - Network Devices
T1597 - Search Closed Sources

MITREへのリンク →

APT5

Score: 7.36

Matched TTPs:

T1584.008 - Network Devices
T1106 - Native API
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Threat Group-3390

Score: 11.47

Matched TTPs:

T1584.008 - Network Devices
T1098.007 - Additional Local or Domain Groups
T1218.003 - CMSTP
T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

Leviathan

Score: 16.31

Matched TTPs:

T1484.002 - Trust Modification
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1554 - Compromise Host Software Binary
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

PROMETHIUM

Score: 3.84

Matched TTPs:

T1530 - Data from Cloud Storage

MITREへのリンク →

UNC3886

Score: 20.37

Matched TTPs:

T1556.002 - Password Filter DLL
T1218 - System Binary Proxy Execution
T1009 - Binary Padding
T1021.006 - Windows Remote Management
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery

MITREへのリンク →

Aquatic Panda

Score: 4.83

Matched TTPs:

T1106 - Native API
T1597 - Search Closed Sources

MITREへのリンク →

Medusa Group

Score: 15.93

Matched TTPs:

T1106 - Native API
T1218.003 - CMSTP
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

TeamTNT

Score: 19.62

Matched TTPs:

T1106 - Native API
T1098.007 - Additional Local or Domain Groups
T1009 - Binary Padding
T1110.003 - Password Spraying
T1055.004 - Asynchronous Procedure Call
T1051 - Shared Webroot
T1597 - Search Closed Sources
T1665 - Hide Infrastructure

MITREへのリンク →

Akira

Score: 8.68

Matched TTPs:

T1137.005 - Outlook Rules
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Storm-1811

Score: 12.24

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1027 - Obfuscated Files or Information
T1599 - Network Boundary Bridging
T1486 - Data Encrypted for Impact

MITREへのリンク →

APT1

Score: 5.54

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Transparent Tribe

Score: 3.01

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32

MITREへのリンク →

ZIRCONIUM

Score: 3.86

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1027.004 - Compile After Delivery

MITREへのリンク →

EXOTIC LILY

Score: 5.30

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1218.010 - Regsvr32

MITREへのリンク →

Silent Librarian

Score: 7.65

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1546.008 - Accessibility Features

MITREへのリンク →

Sea Turtle

Score: 7.14

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1218 - System Binary Proxy Execution
T1218.010 - Regsvr32

MITREへのリンク →

CURIUM

Score: 3.80

Matched TTPs:

T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection

MITREへのリンク →

LAPSUS$

Score: 6.77

Matched TTPs:

T1547.005 - Security Support Provider
T1556.008 - Network Provider DLL

MITREへのリンク →

Salt Typhoon

Score: 8.93

Matched TTPs:

T1009 - Binary Padding
T1110.003 - Password Spraying
T1556 - Modify Authentication Process

MITREへのリンク →

Rocke

Score: 6.48

Matched TTPs:

T1009 - Binary Padding
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery

MITREへのリンク →

Velvet Ant

Score: 5.87

Matched TTPs:

T1009 - Binary Padding
T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources

MITREへのリンク →

Cinnamon Tempest

Score: 5.96

Matched TTPs:

T1574.008 - Path Interception by Search Order Hijacking
T1027.004 - Compile After Delivery

MITREへのリンク →

Tonto Team

Score: 6.58

Matched TTPs:

T1547.011 - Plist Modification
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery

MITREへのリンク →

Deep Panda

Score: 6.03

Matched TTPs:

T1177 - LSASS Driver
T1027.014 - Polymorphic Code

MITREへのリンク →

Axiom

Score: 4.78

Matched TTPs:

T1177 - LSASS Driver
T1218.010 - Regsvr32

MITREへのリンク →

Tropic Trooper

Score: 16.23

Matched TTPs:

T1090 - Proxy
T1055.004 - Asynchronous Procedure Call
T1136.003 - Cloud Account
T1218.010 - Regsvr32
T1159 - Launch Agent
T1665 - Hide Infrastructure

MITREへのリンク →

Andariel

Score: 3.23

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

admin@338

Score: 3.23

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

INC Ransom

Score: 5.87

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

APT12

Score: 6.03

Matched TTPs:

T1055.002 - Portable Executable Injection
T1218.010 - Regsvr32

MITREへのリンク →

Dark Caracal

Score: 3.44

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol

MITREへのリンク →

DarkHydrus

Score: 4.13

Matched TTPs:

T1531 - Account Access Removal

MITREへのリンク →

Inception

Score: 6.99

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

SideCopy

Score: 6.88

Matched TTPs:

T1584.002 - DNS Server
T1159 - Launch Agent

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1656 - Impersonation

MITREへのリンク →

DarkVishnya

Score: 4.54

Matched TTPs:

T1213.003 - Code Repositories

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70

Matched TTPs:

T1546.008 - Accessibility Features
T1597 - Search Closed Sources
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1546.013 - PowerShell Profile
T1051 - Shared Webroot
T1665 - Hide Infrastructure
T1027.014 - Polymorphic Code
T1213.006 - Databases
T1098.007 - Additional Local or Domain Groups
T1027.004 - Compile After Delivery
T1053.005 - Scheduled Task
T1656 - Impersonation
T1053.007 - Container Orchestration Job

MITREへのリンク →

APT29

Score: 0.70

Matched TTPs:

T1584.008 - Network Devices
T1556.008 - Network Provider DLL
T1099 - Timestomp
T1547.011 - Plist Modification
T1218.010 - Regsvr32
T1592.004 - Client Configurations
T1202 - Indirect Command Execution
T1027.004 - Compile After Delivery
T1053.005 - Scheduled Task
T1568 - Dynamic Resolution
T1177 - LSASS Driver
T1222.002 - Linux and Mac Permissions

MITREへのリンク →

Mustang Panda

Score: 0.61

Matched TTPs:

T1055.005 - Thread Local Storage
T1169 - Sudo
T1183 - Image File Execution Options Injection
T1546.013 - PowerShell Profile
T1136.003 - Cloud Account
T1218.010 - Regsvr32
T1098.007 - Additional Local or Domain Groups
T1159 - Launch Agent
T1556 - Modify Authentication Process
T1055.004 - Asynchronous Procedure Call
T1053.005 - Scheduled Task
T1053.007 - Container Orchestration Job

MITREへのリンク →

Lazarus Group

Score: 0.60

Matched TTPs:

T1597 - Search Closed Sources
T1055.005 - Thread Local Storage
T1547.011 - Plist Modification
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1665 - Hide Infrastructure
T1218.010 - Regsvr32
T1098.007 - Additional Local or Domain Groups
T1106 - Native API
T1556 - Modify Authentication Process
T1055.004 - Asynchronous Procedure Call
T1053.005 - Scheduled Task
T1069.001 - Local Groups

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Beyond PowerShell: Analyzing the Multi-Action ClickFix Variant

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ