Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Overview
Unit 42 researchers identified six new remote access Trojan variants deployed by Iran-nexus APT group Screening Serpens between February and April 2026, coinciding with a regional conflict starting February 28, 2026. The group targeted entities in the U.S., Israel, UAE, and other Middle Eastern locations, primarily focusing on technology sector professionals through highly tailored social engineering using personalized recruitment lures. Two new malware families, MiniUpdate and MiniJunk V2, were discovered featuring advanced techniques including AppDomainManager hijacking that manipulates .NET application initialization to disable security mechanisms. The campaigns demonstrated increased technical capabilities and operational resilience, with each variant using dedicated C2 infrastructure hosted on Azure. The attacks leveraged DLL sideloading, scheduled tasks for persistence, and sophisticated evasion techniques to maintain long-term access for espionage purposes.
Created: 2026-05-25
Indicators
Similar Pulses
No similar pulses were found.
Threat actors related to this pulse (fact-based)
Score: 33.14
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1055.013 - Process Doppelgänging
- T1592.004 - Client Configurations
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1556 - Modify Authentication Process
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 28.48
Matched TTPs:
- T1113 - Screen Capture
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
- T1569.002 - Service Execution
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 41.29
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1546.013 - PowerShell Profile
- T1053.007 - Container Orchestration Job
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1159 - Launch Agent
- T1526 - Cloud Service Discovery
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 52.16
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1546.013 - PowerShell Profile
- T1053.007 - Container Orchestration Job
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1609 - Container Administration Command
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1526 - Cloud Service Discovery
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 9.50
Matched TTPs:
- T1037 - Boot or Logon Initialization Scripts
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 19.86
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1574.009 - Path Interception by Unquoted Path
- T1585 - Establish Accounts
Link to MITRE →
Score: 32.93
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1592.004 - Client Configurations
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 31.60
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1564.003 - Hidden Window
Link to MITRE →
Score: 4.13
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
Link to MITRE →
Score: 5.58
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 33.13
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 12.74
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1140 - Deobfuscate/Decode Files or Information
- T1608.005 - Link Target
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 8.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Link to MITRE →
Score: 10.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 8.00
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1090 - Proxy
- T1159 - Launch Agent
Link to MITRE →
Score: 20.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1117 - Regsvr32
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
Link to MITRE →
Score: 21.04
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 16.30
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1055.013 - Process Doppelgänging
- T1090 - Proxy
- T1588.001 - Malware
- T1218.001 - Compiled HTML File
Link to MITRE →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 31.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1690 - Prevent Command History Logging
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 5.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Link to MITRE →
Score: 15.09
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 21.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 9.26
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 7.00
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1588.001 - Malware
- T1569.002 - Service Execution
Link to MITRE →
Score: 10.92
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 10.13
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1117 - Regsvr32
- T1101 - Security Support Provider
Link to MITRE →
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
Link to MITRE →
Score: 5.41
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1562.009 - Safe Mode Boot
Link to MITRE →
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Link to MITRE →
Score: 13.96
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1159 - Launch Agent
Link to MITRE →
Score: 21.04
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1562.009 - Safe Mode Boot
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 8.07
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Link to MITRE →
Score: 7.41
Matched TTPs:
- T1099 - Timestomp
- T1055.004 - Asynchronous Procedure Call
- T1569.002 - Service Execution
Link to MITRE →
Score: 20.63
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1134.001 - Token Impersonation/Theft
- T1569.002 - Service Execution
Link to MITRE →
Score: 32.12
Matched TTPs:
- T1099 - Timestomp
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1547.005 - Security Support Provider
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
- T1159 - Launch Agent
- T1569.002 - Service Execution
Link to MITRE →
Score: 10.98
Matched TTPs:
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1526 - Cloud Service Discovery
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 4.54
Matched TTPs:
- T1682 - Query Public AI Services
Link to MITRE →
Score: 6.44
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
Link to MITRE →
Score: 8.54
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 12.60
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 18.48
Matched TTPs:
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 5.86
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
Link to MITRE →
Score: 17.52
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1027 - Obfuscated Files or Information
- T1574.009 - Path Interception by Unquoted Path
- T1564.003 - Hidden Window
Link to MITRE →
Score: 5.80
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 13.91
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 18.04
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1526 - Cloud Service Discovery
Link to MITRE →
Score: 18.29
Matched TTPs:
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1588.001 - Malware
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1526 - Cloud Service Discovery
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 11.70
Matched TTPs:
- T1584.008 - Network Devices
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
Link to MITRE →
Score: 12.78
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1140 - Deobfuscate/Decode Files or Information
- T1588.001 - Malware
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 19.50
Matched TTPs:
- T1484.002 - Trust Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 16.00
Matched TTPs:
- T1484.002 - Trust Modification
- T1140 - Deobfuscate/Decode Files or Information
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
Link to MITRE →
Score: 3.44
Matched TTPs:
- T1562.009 - Safe Mode Boot
Link to MITRE →
Score: 27.55
Matched TTPs:
- T1562.009 - Safe Mode Boot
- T1003.007 - Proc Filesystem
- T1574.014 - AppDomainManager
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1117 - Regsvr32
- T1055.013 - Process Doppelgänging
- T1055.004 - Asynchronous Procedure Call
- T1526 - Cloud Service Discovery
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 22.56
Matched TTPs:
- T1689 - Downgrade Attack
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1588.001 - Malware
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 13.25
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
Link to MITRE →
Score: 13.76
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
Link to MITRE →
Score: 6.42
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1588.001 - Malware
- T1597 - Search Closed Sources
Link to MITRE →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 8.06
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 8.61
Matched TTPs:
- T1530 - Data from Cloud Storage
- T1588.001 - Malware
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
Link to MITRE →
Score: 7.06
Matched TTPs:
- T1574.014 - AppDomainManager
- T1569.002 - Service Execution
Link to MITRE →
Score: 10.35
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 5.30
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 4.62
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1526 - Cloud Service Discovery
Link to MITRE →
Score: 16.38
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 9.35
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1055.013 - Process Doppelgänging
- T1588.001 - Malware
- T1656 - Impersonation
Link to MITRE →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 12.08
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 5.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 8.75
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1027.014 - Polymorphic Code
- T1001.001 - Junk Data
Link to MITRE →
Score: 10.96
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
Link to MITRE →
Score: 9.37
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 10.40
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 11.83
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
- T1569.002 - Service Execution
Link to MITRE →
Score: 8.68
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 8.40
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
Link to MITRE →
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
Link to MITRE →
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Link to MITRE →
Score: 7.97
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
- T1608.005 - Link Target
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 3.92
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 33.27
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1588.001 - Malware
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1055.005 - Thread Local Storage
- T1569.002 - Service Execution
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 7.65
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1690 - Prevent Command History Logging
Link to MITRE →
Score: 7.24
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Link to MITRE →
Score: 18.81
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
Link to MITRE →
Score: 6.14
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1027 - Obfuscated Files or Information
Link to MITRE →
Score: 3.61
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1588.001 - Malware
Link to MITRE →
Score: 7.43
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1218.001 - Compiled HTML File
Link to MITRE →
Score: 9.25
Matched TTPs:
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 14.06
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1564.003 - Hidden Window
Link to MITRE →
Score: 4.44
Matched TTPs:
- T1009 - Binary Padding
- T1588.001 - Malware
Link to MITRE →
Score: 13.87
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1569.002 - Service Execution
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.013 - Process Doppelgänging
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 4.48
Matched TTPs:
- T1547.011 - Plist Modification
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Score: 8.77
Matched TTPs:
- T1117 - Regsvr32
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 4.68
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1027.004 - Compile After Delivery
Link to MITRE →
Score: 5.09
Matched TTPs:
- T1055.013 - Process Doppelgänging
- T1159 - Launch Agent
Link to MITRE →
Score: 14.56
Matched TTPs:
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1159 - Launch Agent
- T1490 - Inhibit System Recovery
Link to MITRE →
Score: 4.49
Matched TTPs:
- T1588.001 - Malware
- T1562.001 - Disable or Modify Tools
Link to MITRE →
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Link to MITRE →
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Link to MITRE →
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Link to MITRE →
Score: 5.49
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1159 - Launch Agent
Link to MITRE →
Score: 3.44
Matched TTPs:
- T1574.009 - Path Interception by Unquoted Path
Link to MITRE →
Score: 6.88
Matched TTPs:
- T1584.002 - DNS Server
- T1159 - Launch Agent
Link to MITRE →
Threat actors related to this pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1053.007 - Container Orchestration Job
- T1098.007 - Additional Local or Domain Groups
- T1027.014 - Polymorphic Code
- T1690 - Prevent Command History Logging
- T1009 - Binary Padding
- T1037 - Boot or Logon Initialization Scripts
- T1597 - Search Closed Sources
- T1588.001 - Malware
- T1546.013 - PowerShell Profile
- T1490 - Inhibit System Recovery
- T1027.004 - Compile After Delivery
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1003.007 - Proc Filesystem
- T1656 - Impersonation
- T1213.006 - Databases
- T1526 - Cloud Service Discovery
- T1609 - Container Administration Command
Link to MITRE →
Score: 0.55
Matched TTPs:
- T1159 - Launch Agent
- T1037 - Boot or Logon Initialization Scripts
- T1055.013 - Process Doppelgänging
- T1053.007 - Container Orchestration Job
- T1136.003 - Cloud Account
- T1183 - Image File Execution Options Injection
- T1526 - Cloud Service Discovery
- T1608.005 - Link Target
- T1098.007 - Additional Local or Domain Groups
- T1169 - Sudo
- T1556 - Modify Authentication Process
- T1546.013 - PowerShell Profile
- T1055.005 - Thread Local Storage
- T1055.004 - Asynchronous Procedure Call
Link to MITRE →
Related CVEs
No CVEs were found in this pulse.