Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
概要
The Silver Fox threat group conducted phishing campaigns in December 2025 and January 2026, impersonating tax authorities in India and Russia. Malicious emails contained archives with a modified Rust-based RustSL loader that deployed ValleyRAT backdoor. Over 1600 malicious emails targeted organizations across industrial, consulting, retail, and transportation sectors. During investigation, a previously undocumented Python-based backdoor named ABCDoor was discovered, active since late 2024. The attacks utilized multi-stage infection chains involving encrypted payloads, custom ValleyRAT modules, and various persistence mechanisms including Phantom Persistence technique. ABCDoor features remote control capabilities, screen broadcasting using ffmpeg, and file manipulation functions. The group employed sophisticated evasion techniques including geofencing, string encryption, and mimicking legitimate VPN services.
Created: 2026-05-04
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 11.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1055.008 - Ptrace System Calls
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 14.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 16.61
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1051 - Shared Webroot
MITREへのリンク →
Score: 27.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1003.007 - Proc Filesystem
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
- T1065 - Uncommonly Used Port
MITREへのリンク →
Score: 12.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1053.002 - At
MITREへのリンク →
Score: 33.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1574 - Hijack Execution Flow
MITREへのリンク →
Score: 5.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.001 - Spearphishing Attachment
- T1547.011 - Plist Modification
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 13.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 7.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.64
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 33.20
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1574.008 - Path Interception by Search Order Hijacking
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1574.009 - Path Interception by Unquoted Path
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 16.68
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 28.82
Matched TTPs:
- T1560.001 - Archive via Utility
- T1222.002 - Linux and Mac Permissions
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1547.011 - Plist Modification
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1585 - Establish Accounts
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 28.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 19.89
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 65.90
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1003.003 - NTDS
- T1053.002 - At
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 17.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1560.003 - Archive via Custom Method
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 9.43
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.24
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 9.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1109 - Component Firmware
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 18.61
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1560.003 - Archive via Custom Method
- T1584.008 - Network Devices
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 15.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 25.66
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1053.002 - At
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 10.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 29.02
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 28.20
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 3.77
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 6.52
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 5.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1090 - Proxy
MITREへのリンク →
Score: 12.37
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 31.22
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.49
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 20.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1560.003 - Archive via Custom Method
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 19.79
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1065 - Uncommonly Used Port
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.19
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
MITREへのリンク →
Score: 3.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 17.07
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1574.008 - Path Interception by Search Order Hijacking
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1051 - Shared Webroot
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 12.25
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 8.45
Matched TTPs:
- T1109 - Component Firmware
- T1087.004 - Cloud Account
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 34.35
Matched TTPs:
- T1109 - Component Firmware
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1075 - Pass the Hash
MITREへのリンク →
Score: 41.72
Matched TTPs:
- T1109 - Component Firmware
- T1560.003 - Archive via Custom Method
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 6.84
Matched TTPs:
- T1109 - Component Firmware
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 11.91
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1065 - Uncommonly Used Port
MITREへのリンク →
Score: 21.69
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 6.06
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 7.82
Matched TTPs:
- T1682 - Query Public AI Services
- T1053.002 - At
MITREへのリンク →
Score: 9.37
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
- T1573 - Encrypted Channel
MITREへのリンク →
Score: 15.85
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1531 - Account Access Removal
- T1573 - Encrypted Channel
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 16.34
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1055.004 - Asynchronous Procedure Call
- T1573 - Encrypted Channel
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 13.44
Matched TTPs:
- T1584.008 - Network Devices
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1003.003 - NTDS
MITREへのリンク →
Score: 20.31
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1574.008 - Path Interception by Search Order Hijacking
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 20.63
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
MITREへのリンク →
Score: 18.11
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 21.77
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1592.002 - Software
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.44
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 6.51
Matched TTPs:
- T1530 - Data from Cloud Storage
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
MITREへのリンク →
Score: 11.32
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 4.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1053.002 - At
MITREへのリンク →
Score: 9.27
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
MITREへのリンク →
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 23.67
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.65
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
MITREへのリンク →
Score: 12.51
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
MITREへのリンク →
Score: 9.40
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 12.90
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1009 - Binary Padding
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.88
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 10.94
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.58
Matched TTPs:
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
MITREへのリンク →
Score: 5.96
Matched TTPs:
- T1574.008 - Path Interception by Search Order Hijacking
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 11.82
Matched TTPs:
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 14.75
Matched TTPs:
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1055.002 - Portable Executable Injection
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 7.42
Matched TTPs:
- T1584.002 - DNS Server
- T1053.002 - At
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1690 - Prevent Command History Logging
- T1183 - Image File Execution Options Injection
- T1027.004 - Compile After Delivery
- T1546.011 - Application Shimming
- T1560.001 - Archive via Utility
- T1087.004 - Cloud Account
- T1546.008 - Accessibility Features
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1490 - Inhibit System Recovery
- T1027.014 - Polymorphic Code
- T1009 - Binary Padding
- T1051 - Shared Webroot
- T1003.003 - NTDS
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1053.002 - At
- T1565.002 - Transmitted Data Manipulation
- T1609 - Container Administration Command
- T1597 - Search Closed Sources
- T1213.006 - Databases
- T1197 - BITS Jobs
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design