How access to Gmail accounts is gained
概要
The ToddyCat APT group developed a sophisticated tool called Umbrij to compromise Gmail corporate accounts through OAuth token theft. The malware exploits Chromium-based browsers by launching them in headless mode with remote debugging enabled, utilizing the Shadow Token via Remote Debug (STRD) technique. Umbrij automates the entire attack chain: it copies user profiles, launches browsers with debugging ports, connects via Puppeteer Sharp library, and manipulates OAuth flows by impersonating legitimate Google Workspace migration tools. The tool specifically targets client IDs for Google Workspace Migration for Microsoft Outlook and Google Workspace Sync applications, requesting extensive permissions for email, calendar, drive, and contacts. ToddyCat deploys Umbrij through DLL sideloading techniques using signed files from Bitdefender, Visual Studio, and Google Desktop Search. This automated approach enables scalable compromise of organizational email communications while evading traditional security monito...
Created: 2026-06-30
Indicators
類似Pulses
類似するPulseは見つかりませんでした。
このPulseに関連する脅威アクター (事実ベース)
Score: 24.96
Matched TTPs:
- T1560.001 - Archive via Utility
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1049 - System Network Connections Discovery
- T1210 - Exploitation of Remote Services
- T1556.005 - Reversible Encryption
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 13.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1527 - Application Access Token
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 17.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1597 - Search Closed Sources
- T1556.005 - Reversible Encryption
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 10.45
Matched TTPs:
- T1560.001 - Archive via Utility
- T1051 - Shared Webroot
- T1562.001 - Disable or Modify Tools
- T1556.005 - Reversible Encryption
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1177 - LSASS Driver
- T1051 - Shared Webroot
MITREへのリンク →
Score: 41.04
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1686.003 - Windows Host Firewall
- T1003.007 - Proc Filesystem
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1488 - Disk Content Wipe
- T1584.002 - DNS Server
- T1065 - Uncommonly Used Port
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 9.61
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 28.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1546.011 - Application Shimming
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1565.002 - Transmitted Data Manipulation
- T1556.005 - Reversible Encryption
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →
Score: 18.81
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1504 - PowerShell Profile
- T1055.004 - Asynchronous Procedure Call
- T1574 - Hijack Execution Flow
- T1556.005 - Reversible Encryption
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 6.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1063 - Security Software Discovery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 11.71
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1599 - Network Boundary Bridging
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 17.30
Matched TTPs:
- T1560.001 - Archive via Utility
- T1016.002 - Wi-Fi Discovery
- T1090 - Proxy
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 9.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1180 - Screensaver
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 5.98
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.14
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 19.15
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1564.003 - Hidden Window
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 21.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 33.03
Matched TTPs:
- T1560.001 - Archive via Utility
- T1222.002 - Linux and Mac Permissions
- T1139 - Bash History
- T1131 - Authentication Package
- T1547.011 - Plist Modification
- T1574.009 - Path Interception by Unquoted Path
- T1197 - BITS Jobs
- T1585 - Establish Accounts
- T1556.005 - Reversible Encryption
- T1055.008 - Ptrace System Calls
MITREへのリンク →
Score: 24.27
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1099 - Timestomp
- T1063 - Security Software Discovery
- T1003.007 - Proc Filesystem
- T1131 - Authentication Package
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 17.13
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1592.004 - Client Configurations
- T1597 - Search Closed Sources
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 15.76
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1488 - Disk Content Wipe
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 56.49
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1213.006 - Databases
- T1003.007 - Proc Filesystem
- T1546.011 - Application Shimming
- T1009 - Binary Padding
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1027.014 - Polymorphic Code
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1556.005 - Reversible Encryption
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 13.35
Matched TTPs:
- T1560.001 - Archive via Utility
- T1547.011 - Plist Modification
- T1590.006 - Network Security Appliances
- T1177 - LSASS Driver
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
MITREへのリンク →
Score: 13.95
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1504 - PowerShell Profile
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 18.92
Matched TTPs:
- T1560.001 - Archive via Utility
- T1584.008 - Network Devices
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1198 - SIP and Trust Provider Hijacking
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 13.51
Matched TTPs:
- T1560.001 - Archive via Utility
- T1109 - Component Firmware
- T1099 - Timestomp
- T1590.006 - Network Security Appliances
- T1504 - PowerShell Profile
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 20.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1134.001 - Token Impersonation/Theft
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 18.41
Matched TTPs:
- T1560.001 - Archive via Utility
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1504 - PowerShell Profile
- T1055.004 - Asynchronous Procedure Call
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 33.40
Matched TTPs:
- T1560.001 - Archive via Utility
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1099 - Timestomp
- T1016.002 - Wi-Fi Discovery
- T1547.005 - Security Support Provider
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1504 - PowerShell Profile
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 5.91
Matched TTPs:
- T1560.001 - Archive via Utility
- T1003.007 - Proc Filesystem
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 8.75
Matched TTPs:
- T1560.001 - Archive via Utility
- T1083 - File and Directory Discovery
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 10.86
Matched TTPs:
- T1560.001 - Archive via Utility
- T1137.005 - Outlook Rules
- T1504 - PowerShell Profile
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 8.50
Matched TTPs:
- T1560.001 - Archive via Utility
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 34.61
Matched TTPs:
- T1222.002 - Linux and Mac Permissions
- T1099 - Timestomp
- T1584.008 - Network Devices
- T1202 - Indirect Command Execution
- T1547.011 - Plist Modification
- T1177 - LSASS Driver
- T1592.004 - Client Configurations
- T1568 - Dynamic Resolution
- T1556.008 - Network Provider DLL
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 44.98
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1109 - Component Firmware
- T1685.004 - Disable or Modify Linux Audit System Log
- T1547.005 - Security Support Provider
- T1590.006 - Network Security Appliances
- T1609 - Container Administration Command
- T1083 - File and Directory Discovery
- T1051 - Shared Webroot
- T1556.008 - Network Provider DLL
- T1210 - Exploitation of Remote Services
- T1597 - Search Closed Sources
- T1197 - BITS Jobs
- T1564.003 - Hidden Window
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 5.32
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 5.58
Matched TTPs:
- T1171 - LLMNR/NBT-NS Poisoning and Relay
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 26.84
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1592.004 - Client Configurations
- T1055.004 - Asynchronous Procedure Call
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1556.005 - Reversible Encryption
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 6.29
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1134.002 - Create Process with Token
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 12.88
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1063 - Security Software Discovery
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 7.92
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 6.51
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1055.003 - Thread Execution Hijacking
MITREへのリンク →
Score: 6.45
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1090 - Proxy
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 7.12
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.011 - Plist Modification
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 22.68
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1547.005 - Security Support Provider
- T1131 - Authentication Package
- T1183 - Image File Execution Options Injection
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 14.95
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1527 - Application Access Token
- T1016.002 - Wi-Fi Discovery
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 10.33
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1009 - Binary Padding
- T1562.001 - Disable or Modify Tools
- T1065 - Uncommonly Used Port
MITREへのリンク →
Score: 17.32
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1518.002 - Backup Software Discovery
- T1598.004 - Spearphishing Voice
- T1027.014 - Polymorphic Code
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 7.46
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1590.006 - Network Security Appliances
- T1556.005 - Reversible Encryption
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 11.10
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1003.007 - Proc Filesystem
- T1183 - Image File Execution Options Injection
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
MITREへのリンク →
Score: 4.50
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1051 - Shared Webroot
MITREへのリンク →
Score: 7.94
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 13.66
Matched TTPs:
- T1546.013 - PowerShell Profile
- T1109 - Component Firmware
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1609 - Container Administration Command
MITREへのリンク →
Score: 7.66
Matched TTPs:
- T1109 - Component Firmware
- T1574.009 - Path Interception by Unquoted Path
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 40.39
Matched TTPs:
- T1109 - Component Firmware
- T1063 - Security Software Discovery
- T1484.002 - Trust Modification
- T1686.003 - Windows Host Firewall
- T1016.002 - Wi-Fi Discovery
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1546.008 - Accessibility Features
- T1055.004 - Asynchronous Procedure Call
- T1049 - System Network Connections Discovery
- T1562.001 - Disable or Modify Tools
- T1075 - Pass the Hash
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 14.57
Matched TTPs:
- T1109 - Component Firmware
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1599 - Network Boundary Bridging
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 17.31
Matched TTPs:
- T1099 - Timestomp
- T1547.005 - Security Support Provider
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1065 - Uncommonly Used Port
MITREへのリンク →
Score: 19.39
Matched TTPs:
- T1099 - Timestomp
- T1527 - Application Access Token
- T1090 - Proxy
- T1554 - Compromise Host Software Binary
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 7.29
Matched TTPs:
- T1099 - Timestomp
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 3.78
Matched TTPs:
- T1584.008 - Network Devices
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 8.74
Matched TTPs:
- T1584.008 - Network Devices
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 18.40
Matched TTPs:
- T1584.008 - Network Devices
- T1218.003 - CMSTP
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1574.009 - Path Interception by Unquoted Path
- T1556.005 - Reversible Encryption
- T1591.001 - Determine Physical Locations
MITREへのリンク →
Score: 9.31
Matched TTPs:
- T1584.008 - Network Devices
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
MITREへのリンク →
Score: 21.12
Matched TTPs:
- T1685.004 - Disable or Modify Linux Audit System Log
- T1686.003 - Windows Host Firewall
- T1504 - PowerShell Profile
- T1027.014 - Polymorphic Code
- T1565.002 - Transmitted Data Manipulation
- T1158 - Hidden Files and Directories
MITREへのリンク →
Score: 17.14
Matched TTPs:
- T1484.002 - Trust Modification
- T1183 - Image File Execution Options Injection
- T1554 - Compromise Host Software Binary
- T1027.014 - Polymorphic Code
- T1488 - Disk Content Wipe
MITREへのリンク →
Score: 13.91
Matched TTPs:
- T1180 - Screensaver
- T1009 - Binary Padding
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 24.52
Matched TTPs:
- T1180 - Screensaver
- T1503 - Credentials from Web Browsers
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1590 - Gather Victim Network Information
- T1597 - Search Closed Sources
- T1493 - Transmitted Data Manipulation
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 20.25
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1597 - Search Closed Sources
- T1556.005 - Reversible Encryption
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 17.27
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1051 - Shared Webroot
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.26
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 5.73
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
MITREへのリンク →
Score: 15.96
Matched TTPs:
- T1218.003 - CMSTP
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1597 - Search Closed Sources
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 24.74
Matched TTPs:
- T1547.005 - Security Support Provider
- T1134.002 - Create Process with Token
- T1020 - Automated Exfiltration
- T1609 - Container Administration Command
- T1556.008 - Network Provider DLL
- T1065 - Uncommonly Used Port
- T1564.003 - Hidden Window
MITREへのリンク →
Score: 8.93
Matched TTPs:
- T1009 - Binary Padding
- T1110.003 - Password Spraying
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
MITREへのリンク →
Score: 36.58
Matched TTPs:
- T1009 - Binary Padding
- T1183 - Image File Execution Options Injection
- T1547.011 - Plist Modification
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1055.004 - Asynchronous Procedure Call
- T1210 - Exploitation of Remote Services
- T1069.001 - Local Groups
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1556.005 - Reversible Encryption
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 11.02
Matched TTPs:
- T1009 - Binary Padding
- T1055.004 - Asynchronous Procedure Call
- T1597 - Search Closed Sources
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
MITREへのリンク →
Score: 13.86
Matched TTPs:
- T1009 - Binary Padding
- T1590.006 - Network Security Appliances
- T1504 - PowerShell Profile
- T1134.001 - Token Impersonation/Theft
- T1597 - Search Closed Sources
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 4.47
Matched TTPs:
- T1131 - Authentication Package
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 10.91
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1590.006 - Network Security Appliances
- T1197 - BITS Jobs
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 12.09
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
- T1546.008 - Accessibility Features
- T1609 - Container Administration Command
MITREへのリンク →
Score: 4.81
Matched TTPs:
- T1183 - Image File Execution Options Injection
- T1134.002 - Create Process with Token
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1547.011 - Plist Modification
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 6.46
Matched TTPs:
- T1134.002 - Create Process with Token
- T1027.014 - Polymorphic Code
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 5.40
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1027.014 - Polymorphic Code
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 5.60
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1584.002 - DNS Server
MITREへのリンク →
Score: 17.39
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1090 - Proxy
- T1055.004 - Asynchronous Procedure Call
- T1136.003 - Cloud Account
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 7.25
Matched TTPs:
- T1590.006 - Network Security Appliances
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
MITREへのリンク →
Score: 6.03
Matched TTPs:
- T1177 - LSASS Driver
- T1027.014 - Polymorphic Code
MITREへのリンク →
Score: 11.44
Matched TTPs:
- T1177 - LSASS Driver
- T1049 - System Network Connections Discovery
- T1160 - Launch Daemon
MITREへのリンク →
Score: 14.24
Matched TTPs:
- T1504 - PowerShell Profile
- T1599 - Network Boundary Bridging
- T1486 - Data Encrypted for Impact
- T1565.002 - Transmitted Data Manipulation
MITREへのリンク →
Score: 6.33
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1027.014 - Polymorphic Code
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 6.33
Matched TTPs:
- T1562.001 - Disable or Modify Tools
- T1128 - Netsh Helper DLL
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 3.93
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 3.53
Matched TTPs:
- T1027.004 - Compile After Delivery
- T1556.005 - Reversible Encryption
MITREへのリンク →
Score: 5.67
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1556.005 - Reversible Encryption
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 5.03
Matched TTPs:
- T1556.005 - Reversible Encryption
- T1591.001 - Determine Physical Locations
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.70
Matched TTPs:
- T1665 - Hide Infrastructure
- T1546.011 - Application Shimming
- T1051 - Shared Webroot
- T1197 - BITS Jobs
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1134.002 - Create Process with Token
- T1109 - Component Firmware
- T1027.014 - Polymorphic Code
- T1609 - Container Administration Command
- T1556.005 - Reversible Encryption
- T1546.013 - PowerShell Profile
- T1131 - Authentication Package
- T1003.007 - Proc Filesystem
- T1546.008 - Accessibility Features
- T1183 - Image File Execution Options Injection
- T1590.006 - Network Security Appliances
- T1213.006 - Databases
- T1560.001 - Archive via Utility
- T1027.004 - Compile After Delivery
- T1009 - Binary Padding
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1609 - Container Administration Command
- T1051 - Shared Webroot
- T1564.003 - Hidden Window
- T1590.006 - Network Security Appliances
- T1666 - Modify Cloud Resource Hierarchy
- T1109 - Component Firmware
- T1197 - BITS Jobs
- T1685.004 - Disable or Modify Linux Audit System Log
- T1083 - File and Directory Discovery
- T1556.008 - Network Provider DLL
- T1597 - Search Closed Sources
- T1565.002 - Transmitted Data Manipulation
- T1210 - Exploitation of Remote Services
- T1547.005 - Security Support Provider
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る