Kazuar: Anatomy of a nation-state botnet
概要
Kazuar is a sophisticated malware attributed to Russian state actor Secret Blizzard, having evolved from a traditional backdoor into a highly modular peer-to-peer botnet ecosystem. The malware comprises three distinct module types—Kernel, Bridge, and Worker—that distribute functionality across infected systems. A leadership election mechanism ensures only one Kernel module communicates externally, reducing detection opportunities. The architecture supports flexible configuration with over 150 options, multiple C2 channels including HTTP, WebSockets, and Exchange Web Services, and extensive data collection capabilities. Secret Blizzard primarily targets government, diplomatic, and defense organizations in Europe, Central Asia, and Ukraine to support Russian foreign policy and military intelligence objectives. The botnet maintains persistent access through sophisticated IPC mechanisms, staged data exfiltration during working hours, and comprehensive anti-analysis checks.
Created: 2026-05-15
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 9.94
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 15.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 16.11
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.77
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583.005 - Botnet
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.88
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
MITREへのリンク →
Score: 30.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
- T1584.002 - DNS Server
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 14.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 31.44
Matched TTPs:
- T1560.001 - Archive via Utility
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 13.44
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 10.02
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 10.53
Matched TTPs:
- T1560.001 - Archive via Utility
- T1566.001 - Spearphishing Attachment
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 16.87
Matched TTPs:
- T1560.001 - Archive via Utility
- T1587.003 - Digital Certificates
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.36
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1055.004 - Asynchronous Procedure Call
- T1102 - Web Service
MITREへのリンク →
Score: 5.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 22.33
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1008 - Fallback Channels
MITREへのリンク →
Score: 15.81
Matched TTPs:
- T1560.001 - Archive via Utility
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 27.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583.005 - Botnet
- T1098.007 - Additional Local or Domain Groups
- T1139 - Bash History
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 21.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 15.38
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1591.001 - Determine Physical Locations
- T1008 - Fallback Channels
MITREへのリンク →
Score: 23.62
Matched TTPs:
- T1560.001 - Archive via Utility
- T1583.005 - Botnet
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1090.002 - External Proxy
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 47.97
Matched TTPs:
- T1560.001 - Archive via Utility
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1583.005 - Botnet
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1665 - Hide Infrastructure
- T1008 - Fallback Channels
MITREへのリンク →
Score: 10.83
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 12.17
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 17.74
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 7.54
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 21.04
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1144 - Gatekeeper Bypass
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
MITREへのリンク →
Score: 17.39
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 32.65
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 15.79
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1144 - Gatekeeper Bypass
- T1102 - Web Service
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 11.09
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 14.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1601 - Modify System Image
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 12.68
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 33.76
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1223 - Compiled HTML File
MITREへのリンク →
Score: 19.72
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 8.81
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 6.44
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
MITREへのリンク →
Score: 16.99
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1531 - Account Access Removal
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 14.60
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 12.82
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1102 - Web Service
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 14.30
Matched TTPs:
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1090 - Proxy
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 17.52
Matched TTPs:
- T1036.008 - Masquerade File Type
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 32.38
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1144 - Gatekeeper Bypass
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
MITREへのリンク →
Score: 14.86
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1480 - Execution Guardrails
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 39.51
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1583.005 - Botnet
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
MITREへのリンク →
Score: 10.91
Matched TTPs:
- T1063 - Security Software Discovery
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 14.66
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
MITREへのリンク →
Score: 13.12
Matched TTPs:
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 22.65
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
MITREへのリンク →
Score: 18.92
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1128 - Netsh Helper DLL
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 16.81
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 8.95
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 5.73
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 14.05
Matched TTPs:
- T1583.005 - Botnet
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 8.12
Matched TTPs:
- T1583.005 - Botnet
- T1009 - Binary Padding
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 9.97
Matched TTPs:
- T1583.005 - Botnet
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
MITREへのリンク →
Score: 9.96
Matched TTPs:
- T1530 - Data from Cloud Storage
- T1665 - Hide Infrastructure
- T1008 - Fallback Channels
MITREへのリンク →
Score: 8.40
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
MITREへのリンク →
Score: 10.17
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 8.02
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 23.99
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.79
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.77
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
MITREへのリンク →
Score: 6.66
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 30.54
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.65
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
MITREへのリンク →
Score: 14.93
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1584.005 - Botnet
MITREへのリンク →
Score: 12.44
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1584.005 - Botnet
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 11.05
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
MITREへのリンク →
Score: 7.43
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
MITREへのリンク →
Score: 11.42
Matched TTPs:
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 14.35
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1601 - Modify System Image
MITREへのリンク →
Score: 12.16
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1008 - Fallback Channels
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 12.08
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 4.54
Matched TTPs:
- T1101 - Security Support Provider
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1584.002 - DNS Server
MITREへのリンク →
Score: 16.20
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1128 - Netsh Helper DLL
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.76
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1090 - Proxy
MITREへのリンク →
Score: 4.30
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 7.28
Matched TTPs:
- T1584.005 - Botnet
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
MITREへのリンク →
Score: 3.84
Matched TTPs:
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 3.29
Matched TTPs:
- T1008 - Fallback Channels
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1609 - Container Administration Command
- T1008 - Fallback Channels
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1590.006 - Network Security Appliances
- T1027.004 - Compile After Delivery
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1690 - Prevent Command History Logging
- T1213.006 - Databases
- T1546.008 - Accessibility Features
- T1197 - BITS Jobs
- T1560.001 - Archive via Utility
- T1583.005 - Botnet
- T1009 - Binary Padding
- T1003.007 - Proc Filesystem
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1484.002 - Trust Modification
- T1063 - Security Software Discovery
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.001 - Disable or Modify Tools
- T1686.003 - Windows Host Firewall
- T1183 - Image File Execution Options Injection
- T1075 - Pass the Hash
- T1055.004 - Asynchronous Procedure Call
- T1546.008 - Accessibility Features
- T1027 - Obfuscated Files or Information
- T1583.005 - Botnet
- T1562.004 - Disable or Modify System Firewall
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design