Latest PyPi Compromise
概要
A supply chain attack targeting the Microsoft DurableTask Python client compromised versions 1.4.1, 1.4.2, and 1.4.3 on PyPi. The threat actor gained access through a compromised GitHub account previously linked to attacks, using stolen credentials to dump GitHub secrets containing PyPi tokens. The evolved payload targets Linux systems, stealing credentials from AWS, Azure, GCP, Kubernetes, Vault, and password managers like Bitwarden and 1Password. It propagates via AWS SSM and Kubernetes lateral movement, limited to 5 targets per infected host. The payload scrapes shell history, bruteforces password managers, and establishes persistence through infection markers. Compromised packages were quarantined following analysis.
Created: 2026-05-21
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 19.81
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1098.007 - Additional Local or Domain Groups
- T1027.016 - Junk Code Insertion
- T1547.011 - Plist Modification
- T1146 - Clear Command History
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 37.35
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1027.016 - Junk Code Insertion
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 25.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1569.002 - Service Execution
MITREへのリンク →
Score: 21.35
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1055.013 - Process Doppelgänging
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 11.60
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1055.013 - Process Doppelgänging
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1090 - Proxy
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 19.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 10.09
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
MITREへのリンク →
Score: 8.98
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 24.17
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 8.10
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 19.48
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 15.18
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 18.00
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.73
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1665 - Hide Infrastructure
- T1569.002 - Service Execution
MITREへのリンク →
Score: 36.87
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1526 - Cloud Service Discovery
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 13.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 9.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1027.016 - Junk Code Insertion
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 28.74
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1526 - Cloud Service Discovery
- T1055.005 - Thread Local Storage
MITREへのリンク →
Score: 4.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 8.71
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 23.23
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 15.82
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 26.12
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1061 - Graphical User Interface
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.06
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 7.41
Matched TTPs:
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
- T1569.002 - Service Execution
MITREへのリンク →
Score: 23.43
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1144 - Gatekeeper Bypass
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1569.002 - Service Execution
MITREへのリンク →
Score: 9.62
Matched TTPs:
- T1099 - Timestomp
- T1027.016 - Junk Code Insertion
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 27.29
Matched TTPs:
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1584.002 - DNS Server
- T1665 - Hide Infrastructure
- T1569.002 - Service Execution
MITREへのリンク →
Score: 10.10
Matched TTPs:
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 7.07
Matched TTPs:
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 8.79
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 15.22
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1003.007 - Proc Filesystem
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 7.14
Matched TTPs:
- T1584.008 - Network Devices
- T1027.016 - Junk Code Insertion
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 17.24
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1208 - Kerberoasting
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 4.33
Matched TTPs:
- T1584.008 - Network Devices
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 12.44
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 9.00
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 18.93
Matched TTPs:
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1556.009 - Conditional Access Policies
- T1601.001 - Patch System Image
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 14.80
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1027.016 - Junk Code Insertion
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 14.45
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1003.007 - Proc Filesystem
- T1027.016 - Junk Code Insertion
- T1055.004 - Asynchronous Procedure Call
- T1601.001 - Patch System Image
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 24.70
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1592.002 - Software
- T1556.009 - Conditional Access Policies
- T1526 - Cloud Service Discovery
MITREへのリンク →
Score: 13.10
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
- T1569.002 - Service Execution
MITREへのリンク →
Score: 14.73
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 34.02
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1144 - Gatekeeper Bypass
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027.005 - Indicator Removal from Tools
- T1027 - Obfuscated Files or Information
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 20.53
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 31.21
Matched TTPs:
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1063 - Security Software Discovery
- T1098.007 - Additional Local or Domain Groups
MITREへのリンク →
Score: 14.82
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 10.51
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 12.93
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 10.03
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1144 - Gatekeeper Bypass
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 8.06
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 8.68
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 11.32
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 3.86
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 29.66
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1569.002 - Service Execution
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 10.40
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027.016 - Junk Code Insertion
- T1546.008 - Accessibility Features
MITREへのリンク →
Score: 11.93
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 6.14
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
MITREへのリンク →
Score: 11.77
Matched TTPs:
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 6.77
Matched TTPs:
- T1547.005 - Security Support Provider
- T1556.008 - Network Provider DLL
MITREへのリンク →
Score: 8.27
Matched TTPs:
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 8.29
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 7.67
Matched TTPs:
- T1027.016 - Junk Code Insertion
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 10.29
Matched TTPs:
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 10.01
Matched TTPs:
- T1177 - LSASS Driver
- T1055.013 - Process Doppelgänging
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 5.96
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1556.009 - Conditional Access Policies
MITREへのリンク →
Score: 6.95
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 9.49
Matched TTPs:
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 8.86
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1569.002 - Service Execution
MITREへのリンク →
Score: 4.57
Matched TTPs:
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 8.27
Matched TTPs:
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
MITREへのリンク →
Score: 3.66
Matched TTPs:
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 6.54
Matched TTPs:
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
MITREへのリンク →
Score: 4.70
Matched TTPs:
- T1601.001 - Patch System Image
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.15
Matched TTPs:
- T1526 - Cloud Service Discovery
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1568 - Dynamic Resolution
- T1222.002 - Linux and Mac Permissions
- T1202 - Indirect Command Execution
- T1592.004 - Client Configurations
- T1027.004 - Compile After Delivery
- T1556.008 - Network Provider DLL
- T1177 - LSASS Driver
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1099 - Timestomp
- T1027.016 - Junk Code Insertion
MITREへのリンク →
Score: 0.69
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1098.007 - Additional Local or Domain Groups
- T1213.006 - Databases
- T1665 - Hide Infrastructure
- T1003.007 - Proc Filesystem
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1027.004 - Compile After Delivery
- T1597 - Search Closed Sources
- T1526 - Cloud Service Discovery
- T1546.008 - Accessibility Features
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
- T1051 - Shared Webroot
MITREへのリンク →
Score: 0.64
Matched TTPs:
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1098.007 - Additional Local or Domain Groups
- T1144 - Gatekeeper Bypass
- T1027.005 - Indicator Removal from Tools
- T1597 - Search Closed Sources
- T1556.008 - Network Provider DLL
- T1685.004 - Disable or Modify Linux Audit System Log
- T1027 - Obfuscated Files or Information
- T1565.002 - Transmitted Data Manipulation
- T1051 - Shared Webroot
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1098.007 - Additional Local or Domain Groups
- T1055.004 - Asynchronous Procedure Call
- T1686.003 - Windows Host Firewall
- T1601.001 - Patch System Image
- T1063 - Security Software Discovery
- T1546.008 - Accessibility Features
- T1027 - Obfuscated Files or Information
- T1484.002 - Trust Modification
- T1562.001 - Disable or Modify Tools
- T1016.002 - Wi-Fi Discovery
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1055.005 - Thread Local Storage
- T1183 - Image File Execution Options Injection
- T1098.007 - Additional Local or Domain Groups
- T1665 - Hide Infrastructure
- T1597 - Search Closed Sources
- T1069.001 - Local Groups
- T1569.002 - Service Execution
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027.016 - Junk Code Insertion
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design