Duke APT group's latest tools: cloud services and Linux support
概要
Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.
Created: 2026-02-23
Indicators
類似Pulses
このPulseに関連する脅威アクター (事実ベース)
Score: 4.06
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 18.72
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1008 - Fallback Channels
MITREへのリンク →
Score: 15.58
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 21.75
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1560 - Archive Collected Data
- T1612 - Build Image on Host
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 38.91
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1552.005 - Cloud Instance Metadata API
- T1058 - Service Registry Permissions Weakness
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1548.004 - Elevated Execution with Prompt
- T1218.010 - Regsvr32
- T1197 - BITS Jobs
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1588.003 - Code Signing Certificates
- T1021.001 - Remote Desktop Protocol
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 19.51
Matched TTPs:
- T1499.001 - OS Exhaustion Flood
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1021.006 - Windows Remote Management
- T1136.002 - Domain Account
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1027.004 - Compile After Delivery
MITREへのリンク →
Score: 19.92
Matched TTPs:
- T1552.005 - Cloud Instance Metadata API
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 31.51
Matched TTPs:
- T1552.005 - Cloud Instance Metadata API
- T1591.003 - Identify Business Tempo
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1608 - Stage Capabilities
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1061 - Graphical User Interface
- T1542.004 - ROMMONkit
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 25.10
Matched TTPs:
- T1552.005 - Cloud Instance Metadata API
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 36.99
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1608 - Stage Capabilities
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1056 - Input Capture
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
- T1008 - Fallback Channels
MITREへのリンク →
Score: 5.19
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 13.61
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1573 - Encrypted Channel
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 7.41
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1056 - Input Capture
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 21.95
Matched TTPs:
- T1606.002 - SAML Tokens
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1665 - Hide Infrastructure
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 25.59
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1021.006 - Windows Remote Management
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1565.002 - Transmitted Data Manipulation
- T1221 - Template Injection
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 15.17
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 19.64
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.16
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 24.87
Matched TTPs:
- T1606.002 - SAML Tokens
- T1202 - Indirect Command Execution
- T1140 - Deobfuscate/Decode Files or Information
- T1560 - Archive Collected Data
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1555.004 - Windows Credential Manager
- T1547.013 - XDG Autostart Entries
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 7.09
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.71
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
MITREへのリンク →
Score: 21.41
Matched TTPs:
- T1606.002 - SAML Tokens
- T1591.003 - Identify Business Tempo
- T1612 - Build Image on Host
- T1574.010 - Services File Permissions Weakness
- T1542.004 - ROMMONkit
- T1027.004 - Compile After Delivery
- T1055.009 - Proc Memory
MITREへのリンク →
Score: 5.19
Matched TTPs:
- T1606.002 - SAML Tokens
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 15.01
Matched TTPs:
- T1606.002 - SAML Tokens
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 37.67
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1569.001 - Launchctl
- T1608 - Stage Capabilities
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1056 - Input Capture
- T1565.002 - Transmitted Data Manipulation
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 22.07
Matched TTPs:
- T1606.002 - SAML Tokens
- T1058 - Service Registry Permissions Weakness
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1011.001 - Exfiltration Over Bluetooth
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1056 - Input Capture
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 12.41
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1058 - Service Registry Permissions Weakness
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 22.25
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1003.007 - Proc Filesystem
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1008 - Fallback Channels
MITREへのリンク →
Score: 10.89
Matched TTPs:
- T1591.003 - Identify Business Tempo
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.51
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 18.63
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1056 - Input Capture
- T1566.004 - Spearphishing Voice
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 15.39
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 13.43
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 5.83
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
MITREへのリンク →
Score: 12.78
Matched TTPs:
- T1058 - Service Registry Permissions Weakness
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 16.86
Matched TTPs:
- T1070.003 - Clear Command History
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 11.23
Matched TTPs:
- T1070.003 - Clear Command History
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.96
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.52
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.73
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1612 - Build Image on Host
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.40
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1056 - Input Capture
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.39
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.06
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.09
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 24.76
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1174 - Password Filter DLL
- T1218.010 - Regsvr32
- T1566.004 - Spearphishing Voice
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.36
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.47
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 7.24
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 13.51
Matched TTPs:
- T1005 - Data from Local System
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1218.010 - Regsvr32
- T1056 - Input Capture
- T1566.004 - Spearphishing Voice
MITREへのリンク →
Score: 5.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.40
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1573 - Encrypted Channel
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 20.31
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.003 - CMSTP
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1598 - Phishing for Information
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 3.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
MITREへのリンク →
Score: 26.21
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1560 - Archive Collected Data
- T1027.014 - Polymorphic Code
- T1056 - Input Capture
- T1506 - Web Session Cookie
- T1565.002 - Transmitted Data Manipulation
- T1055.009 - Proc Memory
- T1158 - Hidden Files and Directories
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 7.80
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1612 - Build Image on Host
- T1542.004 - ROMMONkit
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.68
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1566.004 - Spearphishing Voice
MITREへのリンク →
Score: 9.41
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1542.004 - ROMMONkit
- T1174 - Password Filter DLL
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.21
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1056 - Input Capture
- T1506 - Web Session Cookie
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 7.46
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 10.59
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1174 - Password Filter DLL
- T1566.004 - Spearphishing Voice
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 5.99
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 12.24
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1056 - Input Capture
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 11.57
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
- T1055.009 - Proc Memory
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 11.62
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.27
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1160 - Launch Daemon
MITREへのリンク →
Score: 7.19
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1056 - Input Capture
- T1547.013 - XDG Autostart Entries
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 4.40
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 13.55
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1027.004 - Compile After Delivery
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.81
Matched TTPs:
- T1140 - Deobfuscate/Decode Files or Information
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 6.24
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 4.08
Matched TTPs:
- T1136.002 - Domain Account
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.49
Matched TTPs:
- T1136.002 - Domain Account
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 17.37
Matched TTPs:
- T1136.002 - Domain Account
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1197 - BITS Jobs
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
- T1021.001 - Remote Desktop Protocol
MITREへのリンク →
Score: 8.67
Matched TTPs:
- T1589.003 - Employee Names
- T1130 - Install Root Certificate
MITREへのリンク →
Score: 10.36
Matched TTPs:
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1218.010 - Regsvr32
- T1159 - Launch Agent
MITREへのリンク →
Score: 8.52
Matched TTPs:
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1027.007 - Dynamic API Resolution
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 8.79
Matched TTPs:
- T1612 - Build Image on Host
- T1199 - Trusted Relationship
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 12.93
Matched TTPs:
- T1567.001 - Exfiltration to Code Repository
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
- T1021.001 - Remote Desktop Protocol
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 19.02
Matched TTPs:
- T1567.001 - Exfiltration to Code Repository
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1056 - Input Capture
- T1566.004 - Spearphishing Voice
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 11.33
Matched TTPs:
- T1196 - Control Panel Items
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.30
Matched TTPs:
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 4.24
Matched TTPs:
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.54
Matched TTPs:
- T1087.004 - Cloud Account
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 9.09
Matched TTPs:
- T1087.004 - Cloud Account
- T1218.010 - Regsvr32
- T1056 - Input Capture
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
MITREへのリンク →
Score: 3.74
Matched TTPs:
- T1087.004 - Cloud Account
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1574.010 - Services File Permissions Weakness
MITREへのリンク →
Score: 12.90
Matched TTPs:
- T1199 - Trusted Relationship
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1665 - Hide Infrastructure
- T1008 - Fallback Channels
MITREへのリンク →
Score: 4.37
Matched TTPs:
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 10.69
Matched TTPs:
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1573 - Encrypted Channel
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.52
Matched TTPs:
- T1199 - Trusted Relationship
- T1565.002 - Transmitted Data Manipulation
- T1556 - Modify Authentication Process
MITREへのリンク →
Score: 3.08
Matched TTPs:
- T1199 - Trusted Relationship
- T1566.004 - Spearphishing Voice
MITREへのリンク →
Score: 10.97
Matched TTPs:
- T1199 - Trusted Relationship
- T1174 - Password Filter DLL
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 4.02
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.013 - XDG Autostart Entries
- T1027.007 - Dynamic API Resolution
MITREへのリンク →
Score: 5.36
Matched TTPs:
- T1199 - Trusted Relationship
- T1027.014 - Polymorphic Code
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.52
Matched TTPs:
- T1027.014 - Polymorphic Code
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.76
Matched TTPs:
- T1573 - Encrypted Channel
- T1174 - Password Filter DLL
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 6.92
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.39
Matched TTPs:
- T1218.010 - Regsvr32
- T1506 - Web Session Cookie
MITREへのリンク →
Score: 6.38
Matched TTPs:
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 3.26
Matched TTPs:
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 4.61
Matched TTPs:
- T1218.010 - Regsvr32
- T1027.004 - Compile After Delivery
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.04
Matched TTPs:
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 8.77
Matched TTPs:
- T1566.004 - Spearphishing Voice
- T1027.007 - Dynamic API Resolution
- T1566.003 - Spearphishing via Service
MITREへのリンク →
Score: 7.19
Matched TTPs:
- T1506 - Web Session Cookie
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 4.11
Matched TTPs:
- T1027.004 - Compile After Delivery
- T1059.012 - Hypervisor CLI
MITREへのリンク →
Score: 3.71
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1547.013 - XDG Autostart Entries
MITREへのリンク →
Score: 7.98
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1059.012 - Hypervisor CLI
- T1008 - Fallback Channels
MITREへのリンク →
Score: 4.51
Matched TTPs:
- T1059.012 - Hypervisor CLI
- T1159 - Launch Agent
MITREへのリンク →
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
MITREへのリンク →
このPulseに関連する脅威アクター (推論ベース)
Score: 0.84
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1218.010 - Regsvr32
- T1059.012 - Hypervisor CLI
- T1588.003 - Code Signing Certificates
- T1566.003 - Spearphishing via Service
- T1552.005 - Cloud Instance Metadata API
- T1548.004 - Elevated Execution with Prompt
- T1499.001 - OS Exhaustion Flood
- T1547.013 - XDG Autostart Entries
- T1197 - BITS Jobs
- T1199 - Trusted Relationship
- T1058 - Service Registry Permissions Weakness
- T1542.004 - ROMMONkit
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.78
Matched TTPs:
- T1608 - Stage Capabilities
- T1569.001 - Launchctl
- T1159 - Launch Agent
- T1055.005 - Thread Local Storage
- T1218.010 - Regsvr32
- T1565.002 - Transmitted Data Manipulation
- T1091 - Replication Through Removable Media
- T1056 - Input Capture
- T1606.002 - SAML Tokens
- T1556 - Modify Authentication Process
- T1547.013 - XDG Autostart Entries
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1058 - Service Registry Permissions Weakness
- T1612 - Build Image on Host
MITREへのリンク →
Score: 0.77
Matched TTPs:
- T1665 - Hide Infrastructure
- T1003.007 - Proc Filesystem
- T1608 - Stage Capabilities
- T1565.002 - Transmitted Data Manipulation
- T1091 - Replication Through Removable Media
- T1027.014 - Polymorphic Code
- T1056 - Input Capture
- T1027.004 - Compile After Delivery
- T1606.002 - SAML Tokens
- T1547.013 - XDG Autostart Entries
- T1197 - BITS Jobs
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1008 - Fallback Channels
- T1506 - Web Session Cookie
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.70
Matched TTPs:
- T1608 - Stage Capabilities
- T1061 - Graphical User Interface
- T1091 - Replication Through Removable Media
- T1552.005 - Cloud Instance Metadata API
- T1547.013 - XDG Autostart Entries
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1058 - Service Registry Permissions Weakness
- T1542.004 - ROMMONkit
- T1506 - Web Session Cookie
- T1612 - Build Image on Host
- T1591.003 - Identify Business Tempo
MITREへのリンク →
Score: 0.64
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1055.009 - Proc Memory
- T1565.002 - Transmitted Data Manipulation
- T1560 - Archive Collected Data
- T1027.014 - Polymorphic Code
- T1056 - Input Capture
- T1158 - Hidden Files and Directories
- T1506 - Web Session Cookie
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.61
Matched TTPs:
- T1003.007 - Proc Filesystem
- T1566.004 - Spearphishing Voice
- T1552.005 - Cloud Instance Metadata API
- T1027.004 - Compile After Delivery
- T1056 - Input Capture
- T1606.002 - SAML Tokens
- T1547.013 - XDG Autostart Entries
- T1059.012 - Hypervisor CLI
- T1199 - Trusted Relationship
- T1136.002 - Domain Account
- T1506 - Web Session Cookie
- T1612 - Build Image on Host
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1665 - Hide Infrastructure
- T1003.007 - Proc Filesystem
- T1091 - Replication Through Removable Media
- T1560 - Archive Collected Data
- T1499.001 - OS Exhaustion Flood
- T1606.002 - SAML Tokens
- T1547.013 - XDG Autostart Entries
- T1506 - Web Session Cookie
- T1612 - Build Image on Host
MITREへのリンク →
Score: 0.58
Matched TTPs:
- T1021.001 - Remote Desktop Protocol
- T1555.004 - Windows Credential Manager
- T1202 - Indirect Command Execution
- T1218.010 - Regsvr32
- T1560 - Archive Collected Data
- T1027.004 - Compile After Delivery
- T1606.002 - SAML Tokens
- T1547.013 - XDG Autostart Entries
- T1199 - Trusted Relationship
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.57
Matched TTPs:
- T1566.004 - Spearphishing Voice
- T1218.010 - Regsvr32
- T1091 - Replication Through Removable Media
- T1027.014 - Polymorphic Code
- T1027.007 - Dynamic API Resolution
- T1547.013 - XDG Autostart Entries
- T1059.012 - Hypervisor CLI
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1556 - Modify Authentication Process
- T1612 - Build Image on Host
- T1174 - Password Filter DLL
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1573 - Encrypted Channel
- T1056 - Input Capture
- T1606.002 - SAML Tokens
- T1027.007 - Dynamic API Resolution
- T1547.013 - XDG Autostart Entries
- T1199 - Trusted Relationship
- T1058 - Service Registry Permissions Weakness
- T1011.001 - Exfiltration Over Bluetooth
- T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →
Score: 0.56
Matched TTPs:
- T1565.002 - Transmitted Data Manipulation
- T1091 - Replication Through Removable Media
- T1021.006 - Windows Remote Management
- T1027.004 - Compile After Delivery
- T1056 - Input Capture
- T1606.002 - SAML Tokens
- T1556 - Modify Authentication Process
- T1087.004 - Cloud Account
- T1199 - Trusted Relationship
- T1221 - Template Injection
MITREへのリンク →
Related CVEs
このPulseに見つかったCVEはありません。
Pulse – 脅威アクター グラフ
← Pulse一覧に戻る
Trusted Design