Popular DAEMON Tools software compromised
概要
Since April 8, 2026, installers of DAEMON Tools software have been compromised with malicious payloads distributed through the legitimate website. Versions 12.5.0.2421 to 12.5.0.2434 contain trojaned binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe) signed with legitimate developer certificates. The attack has affected thousands of systems across over 100 countries, though advanced payloads were selectively deployed to approximately a dozen machines in government, scientific, manufacturing, and retail organizations. Initial infection establishes backdoor communications to typosquatted domains, followed by deployment of an information collector for system profiling. Targeted systems receive additional implants including a minimalistic backdoor and QUIC RAT. Chinese-language strings found in malicious components suggest a Chinese-speaking threat actor. The attack remains active at time of publication, demonstrating sophisticated supply chain compromise techniques comparable to the 2023 3CX ...
Created: 2026-05-05
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 15.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1055.008 - Ptrace System Calls
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 17.73
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 23.54
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
MITREへのリンク →
Score: 5.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1027.016 - Junk Code Insertion
MITREへのリンク →
Score: 12.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 30.26
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1584.002 - DNS Server
- T1546.016 - Installer Packages
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 13.85
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1668 - Exclusive Control
MITREへのリンク →
Score: 34.67
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1596.001 - DNS/Passive DNS
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1055.005 - Thread Local Storage
MITREへのリンク →
Score: 9.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 18.01
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 14.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.001 - DNS/Passive DNS
- T1063 - Security Software Discovery
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 19.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1566.001 - Spearphishing Attachment
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.29
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 13.47
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1180 - Screensaver
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 12.17
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 14.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1668 - Exclusive Control
MITREへのリンク →
Score: 19.61
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
- T1668 - Exclusive Control
MITREへのリンク →
Score: 18.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 29.06
Matched TTPs:
- T1560.001 - Archive via Utility
- T1222.002 - Linux and Mac Permissions
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1027.016 - Junk Code Insertion
- T1547.011 - Plist Modification
- T1197 - BITS Jobs
- T1668 - Exclusive Control
- T1055.008 - Ptrace System Calls
- T1546.007 - Netsh Helper DLL
MITREへのリンク →
Score: 34.38
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1546.016 - Installer Packages
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.10
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 20.57
Matched TTPs:
- T1560.001 - Archive via Utility
- T1596.001 - DNS/Passive DNS
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1546.011 - Application Shimming
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 55.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1665 - Hide Infrastructure
- T1003.003 - NTDS
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.78
Matched TTPs:
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 9.99
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 22.05
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 6.07
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 22.18
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
- T1668 - Exclusive Control
MITREへのリンク →
Score: 24.90
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 25.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 12.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
MITREへのリンク →
Score: 12.56
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 10.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 7.63
Matched TTPs:
- T1560.001 - Archive via Utility
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 39.09
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 39.25
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1685.004 - Disable or Modify Linux Audit System Log
- T1165 - Startup Items
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 5.58
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1543.003 - Windows Service
MITREへのリンク →
Score: 23.94
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 6.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 11.60
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 8.57
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1090 - Proxy
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
MITREへのリンク →
Score: 16.18
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 6.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 20.81
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.80
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 18.41
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 17.85
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 12.57
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1087.004 - Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 15.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
MITREへのリンク →
Score: 6.58
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.016 - Junk Code Insertion
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
MITREへのリンク →
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 15.82
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 21.16
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.51
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 5.43
Matched TTPs:
- T1584.008 - Network Devices
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 17.23
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 11.16
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 15.48
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1027.016 - Junk Code Insertion
- T1597 - Search Closed Sources
- T1668 - Exclusive Control
- T1003.003 - NTDS
MITREへのリンク →
Score: 16.99
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
MITREへのリンク →
Score: 35.97
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1546.016 - Installer Packages
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 6.57
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1543.003 - Windows Service
- T1087.004 - Cloud Account
MITREへのリンク →
Score: 8.30
Matched TTPs:
- T1596.001 - DNS/Passive DNS
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 19.07
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1140 - Deobfuscate/Decode Files or Information
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 41.07
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1543.003 - Windows Service
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 24.77
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1546.016 - Installer Packages
MITREへのリンク →
Score: 11.69
Matched TTPs:
- T1180 - Screensaver
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 24.16
Matched TTPs:
- T1180 - Screensaver
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
MITREへのリンク →
Score: 6.25
Matched TTPs:
- T1543.003 - Windows Service
- T1087.004 - Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.79
Matched TTPs:
- T1543.003 - Windows Service
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 10.72
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
MITREへのリンク →
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 19.26
Matched TTPs:
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 12.08
Matched TTPs:
- T1543.003 - Windows Service
- T1165 - Startup Items
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1543.003 - Windows Service
- T1601.001 - Patch System Image
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.25
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 16.49
Matched TTPs:
- T1165 - Startup Items
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 7.55
Matched TTPs:
- T1165 - Startup Items
- T1140 - Deobfuscate/Decode Files or Information
- T1110.003 - Password Spraying
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 3.20
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 3.33
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 9.76
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 11.71
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.22
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 9.29
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1177 - LSASS Driver
- T1160 - Launch Daemon
MITREへのリンク →
Score: 9.58
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
MITREへのリンク →
Score: 9.40
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 14.06
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1087.004 - Cloud Account
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 6.95
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.65
Matched TTPs:
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1665 - Hide Infrastructure
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 6.20
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1490 - Inhibit System Recovery
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1591.001 - Determine Physical Locations
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1490 - Inhibit System Recovery
- T1601.001 - Patch System Image
- T1668 - Exclusive Control
- T1560.001 - Archive via Utility
- T1543.003 - Windows Service
- T1546.011 - Application Shimming
- T1665 - Hide Infrastructure
- T1027.014 - Polymorphic Code
- T1183 - Image File Execution Options Injection
- T1197 - BITS Jobs
- T1597 - Search Closed Sources
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1546.008 - Accessibility Features
- T1213.006 - Databases
- T1027.004 - Compile After Delivery
- T1003.003 - NTDS
- T1609 - Container Administration Command
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design