Inside Banana RAT: From Build Server to Banking Fraud
Summary
An MDR investigation successfully mapped the complete operational infrastructure of Banana RAT, a Brazilian banking trojan operated by threat cluster SHADOW-WATER-063. The investigation uncovered both server-side and client-side components, revealing a sophisticated FastAPI-based polymorphic payload generation system that produces hash-unique builds to evade detection. The malware employs layered obfuscation, AES-wrapped payloads, and fileless PowerShell execution. Once deployed, it enables operator-driven fraud through remote input control, keylogging, screen streaming, bank-branded overlays, and Pix QR code interception specifically targeting Brazilian financial institutions. The tooling exclusively targets 16 Brazilian banks and crypto exchanges, with all operator artifacts written in Brazilian Portuguese, indicating a financially motivated actor operating within the Tetrade banking trojan ecosystem.
Created: 2026-05-21
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 22.99
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 30.60
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1608.005 - Link Target
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
Score: 5.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 9.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 8.57
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1090 - Proxy
- T1601.001 - Patch System Image
Score: 18.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
Score: 21.87
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Score: 18.25
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 8.98
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 28.39
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
Score: 8.81
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1601.001 - Patch System Image
Score: 20.93
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 18.82
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Score: 15.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Score: 3.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1087.004 - Cloud Account
Score: 45.77
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
Score: 11.16
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 3.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
Score: 6.36
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
Score: 33.04
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1136.001 - Local Account
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1055.005 - Thread Local Storage
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
Score: 6.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1543.003 - Windows Service
- T1565.002 - Transmitted Data Manipulation
Score: 9.86
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
Score: 30.89
Matched TTPs:
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 11.58
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1097 - Pass the Ticket
- T1601.001 - Patch System Image
Score: 32.68
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1202 - Indirect Command Execution
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
Score: 25.57
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 9.52
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 17.45
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1134.001 - Token Impersonation/Theft
Score: 8.89
Matched TTPs:
- T1099 - Timestomp
- T1608.005 - Link Target
- T1055.008 - Ptrace System Calls
Score: 15.66
Matched TTPs:
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
Score: 8.40
Matched TTPs:
- T1099 - Timestomp
- T1543.003 - Windows Service
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 9.37
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
- T1573 - Encrypted Channel
Score: 7.31
Matched TTPs:
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1087.004 - Cloud Account
Score: 16.83
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1097 - Pass the Ticket
- T1573 - Encrypted Channel
- T1027.004 - Compile After Delivery
Score: 14.91
Matched TTPs:
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1087.004 - Cloud Account
Score: 8.89
Matched TTPs:
- T1584.008 - Network Devices
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
Score: 16.26
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1177 - LSASS Driver
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
Score: 10.70
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
Score: 11.17
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1573 - Encrypted Channel
Score: 13.29
Matched TTPs:
- T1584.008 - Network Devices
- T1543.003 - Windows Service
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 14.43
Matched TTPs:
- T1584.008 - Network Devices
- T1562.004 - Disable or Modify System Firewall
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Score: 16.50
Matched TTPs:
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
Score: 8.42
Matched TTPs:
- T1587.003 - Digital Certificates
- T1063 - Security Software Discovery
- T1098.007 - Additional Local or Domain Groups
Score: 8.77
Matched TTPs:
- T1587.003 - Digital Certificates
- T1543.003 - Windows Service
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
Score: 9.65
Matched TTPs:
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1087.004 - Cloud Account
- T1601.001 - Patch System Image
Score: 37.01
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1552.003 - Shell History
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
Score: 25.58
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1552.003 - Shell History
- T1097 - Pass the Ticket
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
Score: 36.82
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1562.004 - Disable or Modify System Firewall
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
Score: 18.54
Matched TTPs:
- T1484.002 - Trust Modification
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
Score: 3.42
Matched TTPs:
- T1543.003 - Windows Service
- T1087.004 - Cloud Account
Score: 5.43
Matched TTPs:
- T1543.003 - Windows Service
- T1608.005 - Link Target
- T1087.004 - Cloud Account
Score: 3.79
Matched TTPs:
- T1543.003 - Windows Service
- T1027.004 - Compile After Delivery
Score: 11.97
Matched TTPs:
- T1543.003 - Windows Service
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
Score: 24.90
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
Score: 6.37
Matched TTPs:
- T1543.003 - Windows Service
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
Score: 12.73
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
Score: 16.72
Matched TTPs:
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
Score: 16.62
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1599 - Network Boundary Bridging
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
Score: 7.16
Matched TTPs:
- T1543.003 - Windows Service
- T1530 - Data from Cloud Storage
- T1601.001 - Patch System Image
Score: 6.81
Matched TTPs:
- T1543.003 - Windows Service
- T1098.007 - Additional Local or Domain Groups
- T1599 - Network Boundary Bridging
Score: 18.72
Matched TTPs:
- T1543.003 - Windows Service
- T1566.001 - Spearphishing Attachment
- T1547.011 - Plist Modification
- T1087.004 - Cloud Account
- T1097 - Pass the Ticket
- T1599 - Network Boundary Bridging
- T1027.004 - Compile After Delivery
Score: 32.52
Matched TTPs:
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1590 - Gather Victim Network Information
- T1097 - Pass the Ticket
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
- T1059.005 - Visual Basic
Score: 6.66
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 17.14
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1562.004 - Disable or Modify System Firewall
- T1110.003 - Password Spraying
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
Score: 8.78
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1562.004 - Disable or Modify System Firewall
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
Score: 11.20
Matched TTPs:
- T1137.005 - Outlook Rules
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 18.96
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.004 - Disable or Modify System Firewall
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1097 - Pass the Ticket
- T1197 - BITS Jobs
- T1055.008 - Ptrace System Calls
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
Score: 4.96
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1609 - Container Administration Command
Score: 10.23
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
Score: 7.11
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 14.46
Matched TTPs:
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 17.01
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 10.21
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
Score: 6.19
Matched TTPs:
- T1009 - Binary Padding
- T1110.003 - Password Spraying
Score: 8.88
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Score: 6.54
Matched TTPs:
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Score: 12.58
Matched TTPs:
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 5.27
Matched TTPs:
- T1547.011 - Plist Modification
- T1097 - Pass the Ticket
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Score: 10.20
Matched TTPs:
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1097 - Pass the Ticket
- T1601.001 - Patch System Image
Score: 7.42
Matched TTPs:
- T1090 - Proxy
- T1136.003 - Cloud Account
Score: 10.28
Matched TTPs:
- T1083 - File and Directory Discovery
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027.004 - Compile After Delivery
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1027 - Obfuscated Files or Information
Score: 6.18
Matched TTPs:
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 9.46
Matched TTPs:
- T1097 - Pass the Ticket
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 4.79
Matched TTPs:
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1601.001 - Patch System Image
- T1009 - Binary Padding
- T1546.011 - Application Shimming
- T1027.014 - Polymorphic Code
- T1197 - BITS Jobs
- T1003.007 - Proc Filesystem
- T1552.003 - Shell History
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1098.007 - Additional Local or Domain Groups
- T1213.006 - Databases
- T1543.003 - Windows Service
- T1565.002 - Transmitted Data Manipulation
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1609 - Container Administration Command
- T1087.004 - Cloud Account
Score: 0.57
Matched TTPs:
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1552.003 - Shell History
- T1098.007 - Additional Local or Domain Groups
- T1565.002 - Transmitted Data Manipulation
- T1051 - Shared Webroot
- T1609 - Container Administration Command
- T1087.004 - Cloud Account
- T1685.004 - Disable or Modify Linux Audit System Log
Score: 0.56
Matched TTPs:
- T1601.001 - Patch System Image
- T1484.002 - Trust Modification
- T1562.004 - Disable or Modify System Firewall
- T1027 - Obfuscated Files or Information
- T1075 - Pass the Hash
- T1562.001 - Disable or Modify Tools
- T1686.003 - Windows Host Firewall
- T1098.007 - Additional Local or Domain Groups
- T1573 - Encrypted Channel
- T1543.003 - Windows Service
- T1016.002 - Wi-Fi Discovery
- T1063 - Security Software Discovery
- T1087.004 - Cloud Account
Related CVEs
No CVEs were found for this Pulse.