Malicious npm packages abuse dependency confusion to profile developer environments
Overview
Microsoft Threat Intelligence identified an active supply chain attack involving malicious npm packages that employ dependency confusion techniques. Between May 28-29, 2026, a threat actor using three maintainer aliases published malicious packages across nine organizational scopes that mirror real corporate namespaces. The packages execute obfuscated reconnaissance payloads through npm lifecycle hooks, collecting system information, environment variables, and developer credentials. All packages connect to the same command-and-control server and deploy a 17KB JavaScript dropper designed for environment fingerprinting. The campaign includes platform-specific payloads for Windows, macOS, and Linux, with CI/CD detection bypass capabilities. The architecture operates in reconnaissance-only mode but supports server-side toggling for full exploitation. Forensic analysis indicates all three accounts are operated by a single individual, evidenced by shared C2 infrastructure, identical hardcoded authentication toke...
Created: 2026-06-02
Indicators
Similar Pulses
No similar Pulses were found.
Threat actors related to this Pulse (fact-based)
Score: 27.77
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1218.001 - Compiled HTML File
- T1547.002 - Authentication Package
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
Score: 30.49
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 5.78
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
- T1597 - Search Closed Sources
Score: 11.13
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 8.59
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1601.001 - Patch System Image
Score: 33.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1071.005 - Publish/Subscribe Protocols
- T1547.012 - Print Processors
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1547.002 - Authentication Package
- T1027.004 - Compile After Delivery
- T1601.001 - Patch System Image
Score: 21.04
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
- T1027.004 - Compile After Delivery
Score: 15.66
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 12.42
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1048 - Exfiltration Over Alternative Protocol
- T1562.001 - Disable or Modify Tools
- T1601.001 - Patch System Image
Score: 43.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1071.005 - Publish/Subscribe Protocols
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1021.006 - Windows Remote Management
- T1183 - Image File Execution Options Injection
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1126 - Network Share Connection Removal
- T1556 - Modify Authentication Process
Score: 10.11
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1601.001 - Patch System Image
Score: 19.48
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1601.001 - Patch System Image
Score: 22.52
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1608.005 - Link Target
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
Score: 23.67
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
Score: 7.94
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1071.005 - Publish/Subscribe Protocols
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
Score: 66.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1547.002 - Authentication Package
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1656 - Impersonation
- T1565.002 - Transmitted Data Manipulation
- T1601.001 - Patch System Image
- T1126 - Network Share Connection Removal
- T1003.003 - NTDS
Score: 13.44
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 6.36
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1051 - Shared Webroot
- T1601.001 - Patch System Image
Score: 37.81
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1071.005 - Publish/Subscribe Protocols
- T1098.007 - Additional Local or Domain Groups
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1169 - Sudo
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Score: 3.99
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1608.005 - Link Target
Score: 4.90
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1565.002 - Transmitted Data Manipulation
Score: 12.15
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
Score: 9.28
Matched TTPs:
- T1485.001 - Lifecycle-Triggered Deletion
- T1547.002 - Authentication Package
- T1027.004 - Compile After Delivery
Score: 34.74
Matched TTPs:
- T1099 - Timestomp
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
Score: 16.95
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
Score: 32.49
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1608.005 - Link Target
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
Score: 31.81
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1547.012 - Print Processors
- T1098.007 - Additional Local or Domain Groups
- T1090 - Proxy
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1547.002 - Authentication Package
- T1601.001 - Patch System Image
Score: 10.82
Matched TTPs:
- T1099 - Timestomp
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
Score: 5.95
Matched TTPs:
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
Score: 18.13
Matched TTPs:
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
Score: 10.07
Matched TTPs:
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1210 - Exploitation of Remote Services
Score: 25.81
Matched TTPs:
- T1099 - Timestomp
- T1071.005 - Publish/Subscribe Protocols
- T1003.007 - Proc Filesystem
- T1556.002 - Password Filter DLL
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1584.002 - DNS Server
Score: 12.44
Matched TTPs:
- T1099 - Timestomp
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 9.37
Matched TTPs:
- T1584.008 - Network Devices
- T1530 - Data from Cloud Storage
- T1573 - Encrypted Channel
Score: 10.52
Matched TTPs:
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
Score: 17.32
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1531 - Account Access Removal
- T1573 - Encrypted Channel
- T1027.004 - Compile After Delivery
Score: 20.86
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
Score: 6.36
Matched TTPs:
- T1584.008 - Network Devices
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
Score: 23.98
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1048 - Exfiltration Over Alternative Protocol
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1574.009 - Path Interception by Unquoted Path
Score: 8.17
Matched TTPs:
- T1584.008 - Network Devices
- T1180 - Screensaver
- T1055.004 - Asynchronous Procedure Call
Score: 13.91
Matched TTPs:
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1098.007 - Additional Local or Domain Groups
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
Score: 22.35
Matched TTPs:
- T1584.008 - Network Devices
- T1098.007 - Additional Local or Domain Groups
- T1218.003 - CMSTP
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1678 - Delay Execution
- T1573 - Encrypted Channel
- T1574.009 - Path Interception by Unquoted Path
Score: 18.35
Matched TTPs:
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
- T1556 - Modify Authentication Process
Score: 19.63
Matched TTPs:
- T1584.008 - Network Devices
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1656 - Impersonation
- T1003.003 - NTDS
Score: 20.13
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1574 - Hijack Execution Flow
- T1601.001 - Patch System Image
Score: 32.17
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1566.001 - Spearphishing Attachment
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1048 - Exfiltration Over Alternative Protocol
- T1592.002 - Software
- T1128 - Netsh Helper DLL
- T1556 - Modify Authentication Process
Score: 16.05
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1566.001 - Spearphishing Attachment
- T1547.011 - Plist Modification
- T1087.004 - Cloud Account
- T1547.002 - Authentication Package
- T1027.004 - Compile After Delivery
Score: 16.11
Matched TTPs:
- T1195.001 - Compromise Software Dependencies and Development Tools
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1128 - Netsh Helper DLL
Score: 20.33
Matched TTPs:
- T1587.003 - Digital Certificates
- T1071.005 - Publish/Subscribe Protocols
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
Score: 4.80
Matched TTPs:
- T1587.003 - Digital Certificates
- T1098.007 - Additional Local or Domain Groups
Score: 12.82
Matched TTPs:
- T1587.003 - Digital Certificates
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
Score: 39.80
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1098.007 - Additional Local or Domain Groups
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
- T1556.008 - Network Provider DLL
- T1210 - Exploitation of Remote Services
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
Score: 16.69
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1480 - Execution Guardrails
- T1027 - Obfuscated Files or Information
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
Score: 3.99
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1590.006 - Network Security Appliances
Score: 40.46
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1210 - Exploitation of Remote Services
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1547.002 - Authentication Package
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
Score: 17.67
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1098.007 - Additional Local or Domain Groups
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1087.004 - Cloud Account
- T1547.002 - Authentication Package
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
Score: 5.97
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1590.006 - Network Security Appliances
- T1087.004 - Cloud Account
Score: 5.27
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1027.014 - Polymorphic Code
Score: 10.19
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
- T1556 - Modify Authentication Process
Score: 21.36
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1098.007 - Additional Local or Domain Groups
- T1131 - Authentication Package
- T1547.011 - Plist Modification
- T1608.005 - Link Target
- T1547.002 - Authentication Package
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
Score: 13.03
Matched TTPs:
- T1071.005 - Publish/Subscribe Protocols
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 35.58
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1087.004 - Cloud Account
- T1562.001 - Disable or Modify Tools
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1075 - Pass the Hash
- T1601.001 - Patch System Image
Score: 16.79
Matched TTPs:
- T1484.002 - Trust Modification
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
Score: 12.72
Matched TTPs:
- T1180 - Screensaver
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
Score: 34.47
Matched TTPs:
- T1180 - Screensaver
- T1566.001 - Spearphishing Attachment
- T1098.007 - Additional Local or Domain Groups
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1048 - Exfiltration Over Alternative Protocol
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1493 - Transmitted Data Manipulation
Score: 24.83
Matched TTPs:
- T1547.012 - Print Processors
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1608.005 - Link Target
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
- T1128 - Netsh Helper DLL
- T1601.001 - Patch System Image
Score: 17.75
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1098.007 - Additional Local or Domain Groups
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
Score: 6.18
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
- T1601.001 - Patch System Image
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
Score: 5.73
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
Score: 3.84
Matched TTPs:
- T1530 - Data from Cloud Storage
Score: 5.71
Matched TTPs:
- T1530 - Data from Cloud Storage
- T1601.001 - Patch System Image
Score: 18.59
Matched TTPs:
- T1556.002 - Password Filter DLL
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1021.006 - Windows Remote Management
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
Score: 8.68
Matched TTPs:
- T1137.005 - Outlook Rules
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 11.32
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1027 - Obfuscated Files or Information
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
Score: 8.02
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1128 - Netsh Helper DLL
Score: 3.53
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1608.005 - Link Target
Score: 6.66
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
Score: 3.80
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
Score: 11.09
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
Score: 17.83
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1027 - Obfuscated Files or Information
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
- T1126 - Network Share Connection Removal
Score: 9.40
Matched TTPs:
- T1098.007 - Additional Local or Domain Groups
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1218.001 - Compiled HTML File
Score: 10.21
Matched TTPs:
- T1547.005 - Security Support Provider
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
Score: 4.74
Matched TTPs:
- T1009 - Binary Padding
- T1547.002 - Authentication Package
Score: 8.93
Matched TTPs:
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
Score: 3.81
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
Score: 4.08
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
Score: 11.02
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
Score: 14.05
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1134.001 - Token Impersonation/Theft
- T1087.004 - Cloud Account
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 3.29
Matched TTPs:
- T1131 - Authentication Package
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
Score: 13.73
Matched TTPs:
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1087.004 - Cloud Account
Score: 8.57
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
- T1601.001 - Patch System Image
Score: 6.08
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 5.60
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1584.002 - DNS Server
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
Score: 11.11
Matched TTPs:
- T1177 - LSASS Driver
- T1051 - Shared Webroot
- T1656 - Impersonation
- T1601.001 - Patch System Image
Score: 9.49
Matched TTPs:
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027 - Obfuscated Files or Information
Score: 5.45
Matched TTPs:
- T1608.005 - Link Target
- T1656 - Impersonation
Score: 3.99
Matched TTPs:
- T1608.005 - Link Target
- T1087.004 - Cloud Account
Score: 4.41
Matched TTPs:
- T1608.005 - Link Target
- T1547.002 - Authentication Package
Score: 5.41
Matched TTPs:
- T1087.004 - Cloud Account
- T1574.009 - Path Interception by Unquoted Path
Score: 3.44
Matched TTPs:
- T1048 - Exfiltration Over Alternative Protocol
Score: 5.14
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
Score: 6.94
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1213.003 - Code Repositories
Score: 4.13
Matched TTPs:
- T1531 - Account Access Removal
Score: 4.61
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1601.001 - Patch System Image
Score: 4.79
Matched TTPs:
- T1573 - Encrypted Channel
- T1601.001 - Patch System Image
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
Threat actors related to this Pulse (inference-based)
Score: 0.70
Matched TTPs:
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1003.007 - Proc Filesystem
- T1027.014 - Polymorphic Code
- T1547.002 - Authentication Package
- T1126 - Network Share Connection Removal
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1546.013 - PowerShell Profile
- T1183 - Image File Execution Options Injection
- T1087.004 - Cloud Account
- T1590.006 - Network Security Appliances
- T1131 - Authentication Package
- T1656 - Impersonation
- T1003.003 - NTDS
- T1597 - Search Closed Sources
- T1546.011 - Application Shimming
- T1213.006 - Databases
- T1009 - Binary Padding
- T1601.001 - Patch System Image
- T1546.008 - Accessibility Features
- T1608.005 - Link Target
- T1098.007 - Additional Local or Domain Groups
- T1197 - BITS Jobs
Related CVEs
No CVEs were found for this Pulse.