LofyStealer: Malware targeting Minecraft players.
概要
A sophisticated two-stage infostealer named LofyStealer, also known as GrabBot/Slinky, targets Minecraft players through social engineering. The malware comprises a 53.5MB Node.js-based loader disguised within legitimate libraries and a 1.4MB native C++ payload that executes directly in memory. It extracts cookies, passwords, tokens, credit cards, and IBANs from eight different browsers including Chrome, Edge, Brave, Opera GX, and Firefox. The loader uses GitHub Actions for automated compilation while the payload employs direct syscalls to bypass EDR detection. Data is compressed via PowerShell, Base64-encoded, and exfiltrated to a Brazilian-hosted C2 server at 24.152.36.241. The operation is attributed with high confidence to the Brazilian cybercrime group LofyGang, operating a Malware-as-a-Service platform with Free and Premium tiers through a web panel branded as LofyStealer Advanced C2 Platform V2.0.
Created: 2026-05-01
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 51.53
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1683 - Generate Content
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 18.84
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 30.69
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1174 - Password Filter DLL
- T1506 - Web Session Cookie
- T1493 - Transmitted Data Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 41.31
Matched TTPs:
- T1596.003 - Digital Certificates
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1065 - Uncommonly Used Port
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1574.002 - DLL Side-Loading
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.33
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 47.86
Matched TTPs:
- T1596.003 - Digital Certificates
- T1222.002 - Linux and Mac Permissions
- T1491.002 - External Defacement
- T1071.004 - DNS
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1131 - Authentication Package
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 7.80
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 28.70
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 19.82
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1027.008 - Stripped Payloads
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
MITREへのリンク →
Score: 16.40
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 31.34
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1584.008 - Network Devices
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1039 - Data from Network Shared Drive
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1574.009 - Path Interception by Unquoted Path
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 56.84
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1071.004 - DNS
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1106 - Native API
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1209 - Time Providers
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 3.53
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
MITREへのリンク →
Score: 4.91
Matched TTPs:
- T1596.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 9.75
Matched TTPs:
- T1596.003 - Digital Certificates
- T1666 - Modify Cloud Resource Hierarchy
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 49.58
Matched TTPs:
- T1596.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1016.002 - Wi-Fi Discovery
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 77.63
Matched TTPs:
- T1596.003 - Digital Certificates
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1583.005 - Botnet
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1131 - Authentication Package
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1218.012 - Verclsid
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1041 - Exfiltration Over C2 Channel
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
MITREへのリンク →
Score: 34.70
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1556.009 - Conditional Access Policies
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 19.45
Matched TTPs:
- T1596.003 - Digital Certificates
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1583.001 - Domains
- T1183 - Image File Execution Options Injection
- T1128 - Netsh Helper DLL
- T1030 - Data Transfer Size Limits
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 27.63
Matched TTPs:
- T1596.003 - Digital Certificates
- T1099 - Timestomp
- T1499.003 - Application Exhaustion Flood
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 47.62
Matched TTPs:
- T1596.003 - Digital Certificates
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.54
Matched TTPs:
- T1596.003 - Digital Certificates
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1218.010 - Regsvr32
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 36.82
Matched TTPs:
- T1596.003 - Digital Certificates
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1555.003 - Credentials from Web Browsers
- T1144 - Gatekeeper Bypass
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1686.001 - Cloud Firewall
MITREへのリンク →
Score: 25.56
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1027.008 - Stripped Payloads
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 57.64
Matched TTPs:
- T1596.003 - Digital Certificates
- T1584.008 - Network Devices
- T1071.004 - DNS
- T1598.003 - Spearphishing Link
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1552.004 - Private Keys
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1041 - Exfiltration Over C2 Channel
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1002 - Data Compressed
- T1574.009 - Path Interception by Unquoted Path
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1574.002 - DLL Side-Loading
MITREへのリンク →
Score: 70.92
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1036.004 - Masquerade Task or Service
- T1218.012 - Verclsid
- T1218.005 - Mshta
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1223 - Compiled HTML File
- T1555.004 - Windows Credential Manager
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 48.50
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 73.64
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1583.001 - Domains
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1144 - Gatekeeper Bypass
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1552.003 - Shell History
- T1218.005 - Mshta
- T1619 - Cloud Storage Object Discovery
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1022 - Data Encrypted
- T1134 - Access Token Manipulation
- T1027.002 - Software Packing
MITREへのリンク →
Score: 9.05
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 4.12
Matched TTPs:
- T1491.002 - External Defacement
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 6.77
Matched TTPs:
- T1491.002 - External Defacement
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.77
Matched TTPs:
- T1491.002 - External Defacement
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 23.30
Matched TTPs:
- T1491.002 - External Defacement
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 24.21
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1090 - Proxy
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 16.11
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1030 - Data Transfer Size Limits
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.30
Matched TTPs:
- T1491.002 - External Defacement
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1583.005 - Botnet
- T1562.001 - Disable or Modify Tools
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.65
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1039 - Data from Network Shared Drive
- T1683 - Generate Content
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 24.98
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.05
Matched TTPs:
- T1491.002 - External Defacement
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1218.010 - Regsvr32
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 7.08
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 13.29
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 20.79
Matched TTPs:
- T1491.002 - External Defacement
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.89
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1552.003 - Shell History
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 15.48
Matched TTPs:
- T1491.002 - External Defacement
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1030 - Data Transfer Size Limits
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.65
Matched TTPs:
- T1491.002 - External Defacement
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
- T1505 - Server Software Component
MITREへのリンク →
Score: 30.03
Matched TTPs:
- T1491.002 - External Defacement
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1555.003 - Credentials from Web Browsers
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1683 - Generate Content
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1209 - Time Providers
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.27
Matched TTPs:
- T1491.002 - External Defacement
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 3.69
Matched TTPs:
- T1491.002 - External Defacement
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
MITREへのリンク →
Score: 25.09
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1106 - Native API
- T1091 - Replication Through Removable Media
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1022 - Data Encrypted
- T1209 - Time Providers
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1491.002 - External Defacement
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 22.51
Matched TTPs:
- T1491.002 - External Defacement
- T1606.002 - SAML Tokens
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 43.40
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1590.003 - Network Trust Dependencies
- T1131 - Authentication Package
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1212 - Exploitation for Credential Access
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1039 - Data from Network Shared Drive
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 21.03
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 4.07
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1039 - Data from Network Shared Drive
MITREへのリンク →
Score: 33.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 24.34
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.87
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1090 - Proxy
- T1218.001 - Compiled HTML File
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 13.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 13.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 32.54
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.012 - Verclsid
- T1584.005 - Botnet
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1065 - Uncommonly Used Port
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 31.86
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1039 - Data from Network Shared Drive
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.56
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 5.65
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1101 - Security Support Provider
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 45.65
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1218.012 - Verclsid
- T1102 - Web Service
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1218.010 - Regsvr32
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1055.005 - Thread Local Storage
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 5.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 4.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 19.56
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1657 - Financial Theft
MITREへのリンク →
Score: 44.82
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1090 - Proxy
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1606.001 - Web Cookies
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1562.001 - Disable or Modify Tools
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 11.63
Matched TTPs:
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
- T1505 - Server Software Component
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 19.61
Matched TTPs:
- T1099 - Timestomp
- T1027.008 - Stripped Payloads
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1608.005 - Link Target
- T1039 - Data from Network Shared Drive
- T1134 - Access Token Manipulation
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 18.91
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 9.32
Matched TTPs:
- T1682 - Query Public AI Services
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.01
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 17.88
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1174 - Password Filter DLL
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
MITREへのリンク →
Score: 24.71
Matched TTPs:
- T1584.008 - Network Devices
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1657 - Financial Theft
- T1041 - Exfiltration Over C2 Channel
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 10.93
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1597 - Search Closed Sources
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 30.19
Matched TTPs:
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1038 - DLL Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1668 - Exclusive Control
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 25.14
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1102 - Web Service
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1218.010 - Regsvr32
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1003.003 - NTDS
MITREへのリンク →
Score: 15.48
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1587.003 - Digital Certificates
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1218.010 - Regsvr32
- T1059.013 - Container CLI/API
MITREへのリンク →
Score: 10.09
Matched TTPs:
- T1499.003 - Application Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 22.82
Matched TTPs:
- T1587.003 - Digital Certificates
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 14.90
Matched TTPs:
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
MITREへのリンク →
Score: 28.27
Matched TTPs:
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1590.003 - Network Trust Dependencies
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1059.003 - Windows Command Shell
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1209 - Time Providers
- T1668 - Exclusive Control
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 23.00
Matched TTPs:
- T1606.002 - SAML Tokens
- T1689 - Downgrade Attack
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.16
Matched TTPs:
- T1606.002 - SAML Tokens
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1584.005 - Botnet
- T1574.009 - Path Interception by Unquoted Path
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 6.60
Matched TTPs:
- T1606.002 - SAML Tokens
- T1583.005 - Botnet
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 16.63
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 3.59
Matched TTPs:
- T1606.002 - SAML Tokens
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 23.49
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1218.005 - Mshta
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1506 - Web Session Cookie
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 10.70
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
- T1209 - Time Providers
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 12.36
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1608.005 - Link Target
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 6.02
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1027.004 - Compile After Delivery
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 19.29
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1608.005 - Link Target
- T1039 - Data from Network Shared Drive
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1608.006 - SEO Poisoning
- T1027.018 - Invisible Unicode
MITREへのリンク →
Score: 15.80
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1091 - Replication Through Removable Media
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
- T1218.010 - Regsvr32
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 8.10
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1506 - Web Session Cookie
- T1027.018 - Invisible Unicode
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 18.07
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1530 - Data from Cloud Storage
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1027.018 - Invisible Unicode
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 12.03
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
- T1584.005 - Botnet
MITREへのリンク →
Score: 13.53
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 9.78
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1212 - Exploitation for Credential Access
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 10.57
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 6.02
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 7.83
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.012 - Verclsid
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.96
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.08
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 13.00
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1091 - Replication Through Removable Media
- T1218.012 - Verclsid
- T1657 - Financial Theft
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 4.10
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1055.004 - Asynchronous Procedure Call
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.00
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1590.003 - Network Trust Dependencies
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 4.27
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 3.27
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 24.99
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1106 - Native API
- T1552.004 - Private Keys
- T1144 - Gatekeeper Bypass
- T1102 - Web Service
- T1597 - Search Closed Sources
- T1506 - Web Session Cookie
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 11.71
Matched TTPs:
- T1583.005 - Botnet
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 7.20
Matched TTPs:
- T1583.005 - Botnet
- T1562.001 - Disable or Modify Tools
- T1209 - Time Providers
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
MITREへのリンク →
Score: 38.00
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1106 - Native API
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1555.003 - Credentials from Web Browsers
- T1183 - Image File Execution Options Injection
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1506 - Web Session Cookie
- T1598 - Phishing for Information
- T1601.001 - Patch System Image
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 14.29
Matched TTPs:
- T1590.003 - Network Trust Dependencies
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1665 - Hide Infrastructure
- T1547.008 - LSASS Driver
MITREへのリンク →
Score: 24.63
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1606.001 - Web Cookies
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1039 - Data from Network Shared Drive
- T1027 - Obfuscated Files or Information
- T1506 - Web Session Cookie
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 24.52
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.004 - Private Keys
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1059.013 - Container CLI/API
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1022 - Data Encrypted
- T1134 - Access Token Manipulation
- T1209 - Time Providers
MITREへのリンク →
Score: 6.74
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1055.004 - Asynchronous Procedure Call
- T1209 - Time Providers
MITREへのリンク →
Score: 6.26
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.33
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1552.003 - Shell History
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 7.37
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1555.003 - Credentials from Web Browsers
- T1002 - Data Compressed
MITREへのリンク →
Score: 15.25
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1209 - Time Providers
MITREへのリンク →
Score: 12.74
Matched TTPs:
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 35.61
Matched TTPs:
- T1547.005 - Security Support Provider
- T1019 - System Firmware
- T1020 - Automated Exfiltration
- T1609 - Container Administration Command
- T1619 - Cloud Storage Object Discovery
- T1556.008 - Network Provider DLL
- T1039 - Data from Network Shared Drive
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 9.43
Matched TTPs:
- T1131 - Authentication Package
- T1552.003 - Shell History
- T1041 - Exfiltration Over C2 Channel
MITREへのリンク →
Score: 9.34
Matched TTPs:
- T1555.003 - Credentials from Web Browsers
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 4.29
Matched TTPs:
- T1547.011 - Plist Modification
- T1134 - Access Token Manipulation
MITREへのリンク →
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 3.62
Matched TTPs:
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1506 - Web Session Cookie
- T1596.003 - Digital Certificates
- T1027.018 - Invisible Unicode
- T1609 - Container Administration Command
- T1183 - Image File Execution Options Injection
- T1546.013 - PowerShell Profile
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1218.012 - Verclsid
- T1213.006 - Databases
- T1555.003 - Credentials from Web Browsers
- T1197 - BITS Jobs
- T1030 - Data Transfer Size Limits
- T1583.005 - Botnet
- T1552.003 - Shell History
- T1598.003 - Spearphishing Link
- T1665 - Hide Infrastructure
- T1606.002 - SAML Tokens
- T1608.005 - Link Target
- T1566.002 - Spearphishing Link
- T1041 - Exfiltration Over C2 Channel
- T1003.003 - NTDS
- T1140 - Deobfuscate/Decode Files or Information
- T1690 - Prevent Command History Logging
- T1131 - Authentication Package
- T1543.003 - Windows Service
- T1091 - Replication Through Removable Media
- T1003.007 - Proc Filesystem
MITREへのリンク →
Score: 0.66
Matched TTPs:
- T1022 - Data Encrypted
- T1556.008 - Network Provider DLL
- T1083 - File and Directory Discovery
- T1609 - Container Administration Command
- T1597 - Search Closed Sources
- T1218.005 - Mshta
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1134 - Access Token Manipulation
- T1030 - Data Transfer Size Limits
- T1564.003 - Hidden Window
- T1552.003 - Shell History
- T1027.002 - Software Packing
- T1583.001 - Domains
- T1685.004 - Disable or Modify Linux Audit System Log
- T1566.002 - Spearphishing Link
- T1547.005 - Security Support Provider
- T1619 - Cloud Storage Object Discovery
- T1019 - System Firmware
- T1666 - Modify Cloud Resource Hierarchy
- T1039 - Data from Network Shared Drive
- T1144 - Gatekeeper Bypass
MITREへのリンク →
Score: 0.64
Matched TTPs:
- T1556.008 - Network Provider DLL
- T1223 - Compiled HTML File
- T1027.018 - Invisible Unicode
- T1177 - LSASS Driver
- T1584.008 - Network Devices
- T1683 - Generate Content
- T1218.005 - Mshta
- T1218.012 - Verclsid
- T1027.004 - Compile After Delivery
- T1202 - Indirect Command Execution
- T1218.010 - Regsvr32
- T1555.003 - Credentials from Web Browsers
- T1608.006 - SEO Poisoning
- T1036.004 - Masquerade Task or Service
- T1598.003 - Spearphishing Link
- T1606.002 - SAML Tokens
- T1099 - Timestomp
- T1608.005 - Link Target
- T1140 - Deobfuscate/Decode Files or Information
- T1547.008 - LSASS Driver
- T1543.003 - Windows Service
- T1222.002 - Linux and Mac Permissions
- T1039 - Data from Network Shared Drive
- T1555.004 - Windows Credential Manager
- T1547.011 - Plist Modification
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design